diff --git a/CVE-2025-40908.patch b/CVE-2025-40908.patch
new file mode 100644
index 0000000000000000000000000000000000000000..913da4b3d90daad812fc9199704ffcd45469a4a7
--- /dev/null
+++ b/CVE-2025-40908.patch
@@ -0,0 +1,29 @@
+From 5fe9daed726c06900c3cd41a739460057bec6dc3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
+Date: Wed, 29 Jan 2025 21:17:28 +0100
+Subject: [PATCH] Use 3-arg form of open in LoadFile
+
+Origin: https://github.com/ingydotnet/yaml-libyaml-pm/pull/121
+
+Fixes https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
+
+Otherwise `$filename = ">file.yaml"; LoadFile($filename)` will truncate a file.
+
+One should check untrusted filenames in any case, though.
+---
+ lib/YAML/XS.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/YAML/XS.pm b/lib/YAML/XS.pm
+index 66ff5ba..e8df694 100644
+--- a/lib/YAML/XS.pm
++++ b/lib/YAML/XS.pm
+@@ -54,7 +54,7 @@ sub LoadFile {
+         $IN = $filename;
+     }
+     else {
+-        open $IN, $filename
++        open $IN, '<', $filename
+           or die "Can't open '$filename' for input:\n$!";
+     }
+     return YAML::XS::LibYAML::Load(do { local $/; local $_ = <$IN> });
diff --git a/perl-YAML-LibYAML.spec b/perl-YAML-LibYAML.spec
index eea4940c346e69807dbc1d4f5992beacd8dee94f..2e1d83070cd5e1c6a74c7ccfd363558acb2aca84 100644
--- a/perl-YAML-LibYAML.spec
+++ b/perl-YAML-LibYAML.spec
@@ -1,11 +1,12 @@
 Name:           perl-YAML-LibYAML
 Epoch:          1
 Version:        0.74
-Release:        2
+Release:        3
 Summary:        Perl YAML Serialization using XS and libyaml
 License:        GPL+ or Artistic
 URL:            https://metacpan.org/release/YAML-LibYAML
 Source0:        https://cpan.metacpan.org/modules/by-module/YAML/YAML-LibYAML-%{version}.tar.gz
+Patch0:         CVE-2025-40908.patch
 
 BuildRequires:  coreutils findutils perl-devel perl-generators perl-interpreter perl(Config)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76 perl(B::Deparse) perl(base) perl(constant)
@@ -57,5 +58,8 @@ find %{buildroot} -type f -name '*.bs' -empty -exec rm {} \;
 %{_mandir}/man3/YAML::*
 
 %changelog
+* Wed Jun 04 2025 wangkai <13474090681@163.com> - 1:0.74-3
+- Fix CVE-2025-40908
+
 * Tue Feb 18 2020 lingsheng <lingsheng@huawei.com> - 1:0.74-2
 - Package init