diff --git a/CVE-2025-57804.patch b/CVE-2025-57804.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7463d6abb08b6f9dc70ef15648abc52569673c75
--- /dev/null
+++ b/CVE-2025-57804.patch
@@ -0,0 +1,91 @@
+From: Maximilian Hils
+Date: Tue, 19 Aug 2025 08:35:52 +0200
+Subject: [PATCH] be stricter about which characters to accept for headers
+
+This now adheres to the minimal requirements laid out in RFC 9113. We could
+consider putting additional restrictions on the header value, but in order to
+keep breakage at a minimum let's do that in a later release if at all.
+
+Reviewed-By: Daniel Leidert
+Origin: https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3
+Origin: https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a
+Bug: https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h
+Bug-Debian: https://bugs.debian.org/1112348
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-57804
+Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-57804
+---
+ src/h2/utilities.py | 34 ++++++++++++++++++++++++++++++++++
+ test/test_invalid_headers.py | 8 ++++++++
+ 2 files changed, 42 insertions(+)
+
+diff --git a/src/h2/utilities.py b/src/h2/utilities.py
+index eb07f57..51f25a0 100644
+--- a/src/h2/utilities.py
++++ b/src/h2/utilities.py
+@@ -206,6 +206,9 @@ def validate_headers(headers, hdr_validation_flags):
+ # For example, we avoid tuple upacking in loops because it represents a
+ # fixed cost that we don't want to spend, instead indexing into the header
+ # tuples.
++ headers = _reject_illegal_characters(
++ headers, hdr_validation_flags,
++ )
+ headers = _reject_uppercase_header_fields(
+ headers, hdr_validation_flags
+ )
+@@ -229,6 +232,37 @@ def validate_headers(headers, hdr_validation_flags):
+ return headers
+
+
++def _reject_illegal_characters(headers, hdr_validation_flags):
++ """"
++ Raises a ProtocolError if any header names or values contain illegal characters.
++ See RFC 9113, section 8.2.1.
++ """
++ for header in headers:
++ # > A field name MUST NOT contain characters in the ranges 0x00-0x20, 0x41-0x5a,
++ # > or 0x7f-0xff (all ranges inclusive).
++ for c in header[0]:
++ if c <= 0x20 or 0x41 <= c <= 0x5a or 0x7f <= c:
++ msg = f"Illegal character '{chr(c)}' in header name: {header[0]!r}"
++ raise ProtocolError(msg)
++
++ # > With the exception of pseudo-header fields (Section 8.3), which have a name
++ # > that starts with a single colon, field names MUST NOT include a colon (ASCII
++ # > COLON, 0x3a).
++ if header[0].find(b":", 1) != -1:
++ msg = f"Illegal character ':' in header name: {header[0]!r}"
++ raise ProtocolError(msg)
++
++ # > A field value MUST NOT contain the zero value (ASCII NUL, 0x00), line feed
++ # > (ASCII LF, 0x0a), or carriage return (ASCII CR, 0x0d) at any position.
++ for c in header[1]:
++ if c == 0 or c == 0x0a or c == 0x0d:
++ msg = f"Illegal character '{chr(c)}' in header value: {header[1]!r}"
++ raise ProtocolError(msg)
++
++ # Surrounding whitespace is enforced in `_reject_surrounding_whitespace`.
++ yield header
++
++
+ def _reject_uppercase_header_fields(headers, hdr_validation_flags):
+ """
+ Raises a ProtocolError if any uppercase character is found in a header
+diff --git a/test/test_invalid_headers.py b/test/test_invalid_headers.py
+index a379950..fecf660 100644
+--- a/test/test_invalid_headers.py
++++ b/test/test_invalid_headers.py
+@@ -50,6 +50,14 @@ class TestInvalidFrameSequences(object):
+ base_request_headers + [('host', 'notexample.com')],
+ base_request_headers + [(' name', 'name with leading space')],
+ base_request_headers + [('name ', 'name with trailing space')],
++ base_request_headers + [('illegal:characters', 'value')],
++ base_request_headers + [('illegal-\r-characters', 'value')],
++ base_request_headers + [('illegal-\n-characters', 'value')],
++ base_request_headers + [('illegal-\x00-characters', 'value')],
++ base_request_headers + [('illegal-\x01-characters', 'value')],
++ base_request_headers + [('illegal-characters', 'some \r value')],
++ base_request_headers + [('illegal-characters', 'some \n value')],
++ base_request_headers + [('illegal-characters', 'some \x00 value')],
+ base_request_headers + [('name', ' value with leading space')],
+ base_request_headers + [('name', 'value with trailing space ')],
+ [header for header in base_request_headers
diff --git a/python-h2.spec b/python-h2.spec
index 3bcf55246d9338bb94d854ac7fc5ff779d088421..e00d6508d0412d8508db90bf26445843dcfd7724 100644
--- a/python-h2.spec
+++ b/python-h2.spec
@@ -1,11 +1,12 @@
 Name: python-h2
 Version: 4.0.0
-Release: 2
+Release: 3
 Summary: A HTTP/2 protocol stack for Python
 License: MIT
 URL: http://hyper.rtfd.org
 Source0: https://files.pythonhosted.org/packages/05/b8/cc1692aab910c0319b7c35e03c043bdda1cfeff67fa25b555eb2864a36e3/h2-4.0.0.tar.gz
 Patch0: fix-with-hypothesis-6.6.patch
+Patch1: CVE-2025-57804.patch
 BuildArch: noarch
 BuildRequires: (python3dist(hpack) >= 4 with python3dist(hpack) < 5)
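Review bot: The error messages built in `_reject_illegal_characters` interpolate the offending byte as `chr(c)`, and the value branch fires only for NUL, LF or CR, so every ProtocolError text carries a raw control character that will split or corrupt a log entry if the message is ever logged; `msg = f"Illegal character {c:#04x} in header value: {header[1]!r}"` (and the same form in the name branch) keeps the message printable. The docstring opens with `""""`, a fourth quote that becomes the first character of the docstring text. The checks assume the header tuples hold bytes, as the `find(b":", 1)` call does; a `str` name would fail at `c <= 0x20` with TypeError rather than ProtocolError, which is worth stating in the docstring or guarding explicitly. The per-byte Python loops also run on every header of every stream, which sits oddly next to the surrounding comment about avoiding fixed per-loop costs; a precompiled `re` byte-class search would do the same scan at C speed.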
@@ -72,6 +73,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest %doc html LICENSE %changelog +* Thu Sep 04 2025 wangkai <13474090681@163.com> - 4.0.0-3 +- Fix CVE-2025-57804 + * Mon Oct 31 2022 Ge Wang - 4.0.0-2 - fix compile error due to python-hypothesis update to 6.47.0