diff --git a/backport-CVE-2025-10158.patch b/backport-CVE-2025-10158.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6527476e3b04fc9818c81c093a58414479b6d50a
--- /dev/null
+++ b/backport-CVE-2025-10158.patch
@@ -0,0 +1,27 @@
+From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell
+Date: Sat, 23 Aug 2025 17:26:53 +1000
+Subject: [PATCH] fixed an invalid access to files array
+
+this was found by Calum Hutton from Rapid7. It is a real bug, but
+analysis shows it can't be leverged into an exploit. Worth fixing
+though.
+
+Many thanks to Calum and Rapid7 for finding and reporting this
+---
+ sender.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sender.c b/sender.c
+index a4d46c39e..b1588b701 100644
+--- a/sender.c
++++ b/sender.c
+@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
+
+ if (ndx - cur_flist->ndx_start >= 0)
+ file = cur_flist->files[ndx - cur_flist->ndx_start];
++ else if (cur_flist->parent_ndx < 0)
++ exit_cleanup(RERR_PROTOCOL);
+ else
+ file = dir_flist->files[cur_flist->parent_ndx];
+ if (F_PATHNAME(file)) {
diff --git a/rsync.spec b/rsync.spec
index 340ecb6998b0da46bf90fc294268d448d335e270..ae54754b05764ed432f1e71d40d475f68d0856ec 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -1,6 +1,6 @@
 Name: rsync
 Version: 3.2.7
-Release: 6
+Release: 7
 Summary: Fast incremental file transfer utility
 License: GPL-3.0-or-later
 URL: http://rsync.samba.org/
@@ -26,6 +26,7 @@ Patch6011: backport-CVE-2024-12088.patch Patch6012: backport-CVE-2024-12747.patch Patch6013: backport-Fix_use-after-free_in_generator.patch Patch6014: backport-Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch +Patch6015: backport-CVE-2025-10158.patch BuildRequires: git gcc systemd libacl-devel libattr-devel autoconf popt-devel BuildRequires: lz4-devel openssl-devel libzstd-devel
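Review bot: The new `else if (cur_flist->parent_ndx < 0)` branch in the sender.c hunk of backport-CVE-2025-10158.patch exits with no comment or message explaining why, so the invariant it enforces is not recorded anywhere in the code. A short comment such as `/* ndx is below ndx_start but this list has no parent dir entry: the peer sent an invalid index */` would document it, and a log line naming `ndx` just before `exit_cleanup(RERR_PROTOCOL);` would help operators spot a peer sending malformed indexes. The check bounds `parent_ndx` only from below; the upper bounds of both array indexes are presumably validated where `ndx` is read, which is outside this hunk and worth confirming against the 3.2.7 sources this is backported onto. send_files() begins and ends outside the hunk.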
@@ -100,6 +101,9 @@ install -D -m644 %{SOURCE5} %{buildroot}/%{_unitdir}/rsyncd@.service %{_mandir}/man5/rsyncd.conf.5* %changelog +* Thu Nov 20 2025 yujingbo - 3.2.7-7 +- fix CVE-2025-10158 + * Wed Jan 15 2025 Funda Wang - 3.2.7-6 - fix CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747