diff --git a/edk2.spec b/edk2.spec
index 7980e18df7491dcc403b664d6443e933af193c73..d3c80dcea6efb3524e42f519483bef68a6818b07 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 18
+%define anolis_release 19
 
 %undefine _auto_set_build_flags
 ExclusiveArch: x86_64 aarch64 loongarch64 riscv64
@@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64 loongarch64 riscv64
 %define GITDATE        20240214
 %define GITCOMMIT      edc6681206c1
 %define TOOLCHAIN      GCC5
-%define OPENSSL_VER    3.0.12
+%define OPENSSL_VER    3.0.14
 
 %define build_ovmf 0
 %define build_aarch64 0
@@ -38,7 +38,7 @@ URL:        http://www.tianocore.org
 
 Source0: https://github.com/tianocore/edk2/archive/refs/tags/edk2-stable%{version}.tar.gz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: https://github.com/openssl/openssl/releases/download/openssl-%{OPENSSL_VER}/openssl-%{OPENSSL_VER}.tar.gz
+Source2: https://github.com/openssl/openssl/archive/refs/tags/openssl-%{OPENSSL_VER}.tar.gz
 # https://github.com/ucb-bar/berkeley-softfloat-3/tree/b64af41c3276f97f0e181920400ee056b9c88037
 Source3: softfloat-%{softfloat_version}.tar.xz
 # https://github.com/tianocore/edk2-platforms/commit/7f42d4034c8f4266da691df69dce18234f752cb4
@@ -261,7 +261,7 @@ rm -f $PATCHLIST
 cp -a -- %{SOURCE1} .
 tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
 rm -rf CryptoPkg/Library/OpensslLib/openssl
-mv CryptoPkg/Library/OpensslLib/openssl-%{OPENSSL_VER} CryptoPkg/Library/OpensslLib/openssl
+mv CryptoPkg/Library/OpensslLib/openssl-openssl-%{OPENSSL_VER} CryptoPkg/Library/OpensslLib/openssl
 
 # extract softfloat into place
 tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
@@ -564,6 +564,9 @@ rm -f %{buildroot}%{_datadir}/edk2/riscv/*.raw
 
 
 %changelog
+* Tue Sep 23 2025 wh02252983 <wh02252983@alibaba-inc.com> - 202402-19
+- openssl update to 3.0.14 to fix CVE-2024-0727
+
 * Tue Aug 19 2025 zjl02254423 <zjl02254423@libaba-inc.com> -202402-18
 - update Source2 to fix check_source warning
 
diff --git a/openssl-3.0.12.tar.gz b/openssl-3.0.14.tar.gz
similarity index 63%
rename from openssl-3.0.12.tar.gz
rename to openssl-3.0.14.tar.gz
index 4fb7c5f6e5f63dc609156763733126550081dd7e..bb5756708bc4b12a6c696d8510393a7b0ae93a27 100644
Binary files a/openssl-3.0.12.tar.gz and b/openssl-3.0.14.tar.gz differ