diff --git a/backport-CVE-2025-59362.patch b/backport-CVE-2025-59362.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b52ee890e268d3a0a2d38e04cf13dcfc038cef76
--- /dev/null
+++ b/backport-CVE-2025-59362.patch
@@ -0,0 +1,51 @@
+From 250a18e0a80694b919972a1836cdfe20f2e1baa0 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Sat, 30 Aug 2025 06:49:36 +0000
+Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
+
+Conflict: NA
+Reference: http://github.com/squid-cache/squid/commit/250a18e0a80694b919972a1836cdfe20f2e1baa0
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 81f2051fbe7..2852c26b220 100644
+--- a/lib/snmplib/asn1.c
++++ b/lib/snmplib/asn1.c
+@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
++    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
+@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
++                if (bp >= bufEnd) {
++                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                    return (NULL);
++                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
diff --git a/squid.spec b/squid.spec
index b6944b7a42117e6affa7588f3728ca3186e70381..185b32e7c77b65afd1caabaca9499cfeb9f2705c 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  6.6
-Release:  4
+Release:  5
 Summary:  The Squid proxy caching server
 Epoch:    7
 License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@@ -24,6 +24,7 @@ Patch3:   backport-squid-6.1-symlink-lang-err.patch
 Patch4:   backport-squid-crash-half-closed.patch
 Patch5:   backport-CVE-2024-25111.patch
 Patch6:   backport-CVE-2024-37894.patch
+Patch7:   backport-CVE-2025-59362.patch
 
 Requires: bash
 Requires: httpd-filesystem
@@ -246,6 +247,12 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Mon Sep 22 2025 xinghe <xinghe2@h-partners.com> - 7:6.6-5
+- Type:cves
+- ID:CVE-2025-59362
+- SUG:NA
+- DESC:fix CVE-2025-59362
+
 * Tue Oct 29 2024 xinghe <xinghe2@h-partners.com> - 7:6.6-4
 - Type:cves
 - ID:CVE-2024-45802