diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..05a0e946187b8160d0c54c23a9f8100f44e0f43b
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
diff --git a/.lfsconfig b/.lfsconfig
new file mode 100644
index 0000000000000000000000000000000000000000..79843be7ab26a8efb780ec7203620716130494b2
--- /dev/null
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+	url = https://artlfs.openeuler.openatom.cn/src-openEuler/ruby
diff --git a/net-imap-0.3.8.gem b/net-imap-0.3.8.gem
new file mode 100644
index 0000000000000000000000000000000000000000..5567bb060cc5252cfe1f3a9ca26043b68e4cf54b
Binary files /dev/null and b/net-imap-0.3.8.gem differ
diff --git a/ruby-3.2.2.tar.xz b/ruby-3.2.2.tar.xz
index 4adb7e55f1f98f4a3517ab8af59443c07e739325..6c4f28b3dbca85d2c4906861780d467b7e061d15 100644
Binary files a/ruby-3.2.2.tar.xz and b/ruby-3.2.2.tar.xz differ
diff --git a/ruby.spec b/ruby.spec
index 01fc1bceb77c387d6ca704387209a465985b4b6e..aa7fb0de31cb420167ad4685cdd5b3865ba64c5b 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -24,7 +24,7 @@
 %global rss_version 0.2.9
 %global typeprof_version 0.21.3
 %global net_ftp_version 0.2.0
-%global net_imap_version 0.3.4
+%global net_imap_version 0.3.8
 %global net_pop_version 0.1.2
 %global net_smtp_version 0.3.3
 %global matrix_version 0.4.2
@@ -33,7 +33,7 @@
 
 Name:      ruby
 Version:   %{ruby_version}
-Release:   147
+Release:   148
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/en/
@@ -55,6 +55,9 @@ Source13:  test_systemtap.rb
 %{load:%{SOURCE4}}
 %{load:%{SOURCE5}}
 
+# Separated source for security updates
+Source6001: https://rubygems.org/downloads/net-imap-%{net_imap_version}.gem
+
 # Fix ruby_version abuse.
 # https://bugs.ruby-lang.org/issues/11002
 Patch0: ruby-2.3.0-ruby_version.patch
@@ -380,6 +383,13 @@ rm -rf ext/fiddle/libffi*
 
 cp -a %{SOURCE3} .
 
+# Update net-imap.gem by replace it with downloaded gem
+(
+rm -f gems/net-imap*.gem
+cp %{S:6001} gems/net-imap-%{net_imap_version}.gem
+sed -i -e 's,net-imap        0.3.4,net-imap           %{net_imap_version},' gems/bundled_gems
+)
+
 %build
 autoconf
 
@@ -888,6 +898,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
 
 %changelog
+* Thu Feb 13 2025 Funda Wang <fundawang@yeah.net> - 3.2.2-148
+- update bundled net-imap to 0.3.8 to fix CVE-2025-25186
+
 * Tue Oct 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-147
 - fix CVE-2024-49761