diff --git a/backport-CVE-2025-43718.patch b/backport-CVE-2025-43718.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6e14d0faa9bebcdc673725f779243d38de1006dc
--- /dev/null
+++ b/backport-CVE-2025-43718.patch
@@ -0,0 +1,30 @@
+From f54b815672117c250420787c8c006de98e8c7408 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Wed, 26 Mar 2025 11:26:32 +0100
+Subject: [PATCH] Make sure regex doesn't stack overflow by limiting it
+
+Happens with very long pdfsubver strings when compiled with
+-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -flto=auto
+
+Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
+Conflict:Adapt context
+---
+ poppler/PDFDoc.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/poppler/PDFDoc.cc b/poppler/PDFDoc.cc
+index 6e4d0a3..ec5ce6e 100644
+--- a/poppler/PDFDoc.cc
++++ b/poppler/PDFDoc.cc
+@@ -489,7 +489,7 @@ static PDFSubtypePart pdfPartFromString(PDFSubtype subtype, const std::string &p
+ 
+ static PDFSubtypeConformance pdfConformanceFromString(const std::string &pdfsubver)
+ {
+-    const std::regex regex("PDF/(?:A|X|VT|E|UA)-[[:digit:]]([[:alpha:]]+)");
++    const std::regex regex("PDF/(?:A|X|VT|E|UA)-[[:digit:]]([[:alpha:]]{1,3})");
+     std::smatch match;
+     PDFSubtypeConformance pdfConf = subtypeConfNone;
+ 
+-- 
+2.43.0
+
diff --git a/poppler.spec b/poppler.spec
index 3ddec271666b07ac566ffab386c9bc1ff2afa4fd..90959d4d1a876217b4686c6b9702e13f13253e66 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -4,7 +4,7 @@
 
 Name:    poppler
 Version: 23.12.0
-Release: 11
+Release: 12
 Summary: PDF rendering library
 License: GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
@@ -21,6 +21,7 @@ Patch6003: backport-CVE-2025-32365.patch
 Patch6004: backport-CVE-2025-43903.patch
 Patch6005: backport-CVE-2025-52886.patch
 Patch6006: backport-CVE-2025-50420.patch
+Patch6007: backport-CVE-2025-43718.patch
 
 BuildRequires: make
 BuildRequires: cmake
@@ -265,6 +266,9 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
 %{_mandir}/man1/*
 
 %changelog
+* Thu Oct 09 2025 lingsheng <lingsheng1@h-partners.com> - 23.12.0-12
+- fix CVE-2025-43718
+
 * Thu Sep 11 2025 peijiankang <peijiankang@kylinos.cn> - 23.12.0-11
 - fix man repetitive packaging