diff --git a/backport-CVE-2025-43903.patch b/backport-CVE-2025-43903.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5c29b6583e72469fe11159bc01872c1958876b28
--- /dev/null
+++ b/backport-CVE-2025-43903.patch
@@ -0,0 +1,49 @@
+Backport of:
+
+From f1b9c830f145a0042e853d6462b2f9ca4016c669 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Juraj=20=C5=A0arinay?=
+Date: Thu, 6 Mar 2025 02:02:56 +0100
+Subject: [PATCH] Properly verify adbe.pkcs7.sha1 signatures.
+
+For signatures with non-empty encapsulated content
+(typically adbe.pkcs7.sha1), we only compared hash values and
+never actually checked SignatureValue within SignerInfo.
+The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
+made trivial signature forgeries possible. Fix this by calling
+NSS_CMSSignerInfo_Verify() after the hash values compare equal.
+---
+ poppler/NSSCryptoSignBackend.cc | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- poppler-0.86.1.orig/poppler/SignatureHandler.cc
++++ poppler-0.86.1/poppler/SignatureHandler.cc
+@@ -431,22 +431,19 @@ SignatureValidationStatus SignatureHandl
+ This means it's not a detached type signature
+ so the digest is contained in SignedData->contentInfo
+ */
+- if (memcmp(digest.data, content_info_data->data, hash_length) == 0
+- && digest.len == content_info_data->len
+- {
+- PORT_Free(digest_buffer);
+- return SIGNATURE_VALID;
+- }
+- else
+- {
++ if (digest.len != content_info_data->len || memcmp(digest.data, content_info_data->data, digest.len) != 0) {
+ PORT_Free(digest_buffer);
+ return SIGNATURE_DIGEST_MISMATCH;
+ }
+
++ auto innerHashContext = HASH_Create(getHashAlgorithm());
++ HASH_Update(innerHashContext, content_info_data->data, content_info_data->len);
++ HASH_End(innerHashContext, digest_buffer, &result_len, hash_length);
++ digest.data = digest_buffer;
++ digest.len = hash_length;
+ }
+- else if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess)
+- {
+
++ if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess) {
+ PORT_Free(digest_buffer);
+ return NSS_SigTranslate(CMSSignerInfo->verificationStatus);
+ }
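Review bot: The hash context returned by `HASH_Create(getHashAlgorithm())` in the backported hunk is neither NULL-checked nor released, so every non-detached signature verification leaks an NSS `HASHContext`, and an allocation failure inside NSS would hand a null pointer to `HASH_Update`. Guard the creation with `if (!innerHashContext) { PORT_Free(digest_buffer); return SIGNATURE_GENERIC_ERROR; }` and add `HASH_Destroy(innerHashContext);` right after the `HASH_End` call, before `digest.data` is pointed at `digest_buffer`. A smaller point: `HASH_End` reports the bytes actually written in `result_len`, yet the hunk sets `digest.len = hash_length`; using `digest.len = result_len` keeps the two from silently disagreeing if `hash_length` is ever not the exact digest size (presumably it is here, since the same buffer and length were already used for the outer digest). The enclosing function begins and ends outside the hunk, so where `digest_buffer`, `result_len` and `hash_length` are set cannot be confirmed from this page. Finally, the preamble's diffstat names `poppler/NSSCryptoSignBackend.cc` while the hunk patches `poppler/SignatureHandler.cc`; a one-line note under "Backport of:" saying the upstream file was renamed since 0.86.1 would spare the next maintainer the puzzle.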
diff --git a/poppler.spec b/poppler.spec index 0cd85ae6add0a0ff54d0e684baa6a99f216b956d..0db8174ba7646dca2d49a4112668022ef7650695 100644 --- a/poppler.spec +++ b/poppler.spec @@ -4,7 +4,7 @@ Summary: PDF rendering library Name: poppler Version: 0.90.0 -Release: 15 +Release: 16 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz @@ -32,6 +32,7 @@ Patch6014: backport-CVE-2025-52886.patch Patch6015: backport-CVE-2025-50420.patch Patch6016: backport-CVE-2025-43718.patch Patch6017: backport-CVE-2025-52885.patch +Patch6018: backport-CVE-2025-43903.patch BuildRequires: cmake BuildRequires: gcc-c++ @@ -231,6 +232,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Mon Oct 20 2025 lingsheng - 0.90.0-16 +- fix CVE-2025-43903 + * Sat Oct 11 2025 lingsheng - 0.90.0-15 - fix CVE-2025-52885