diff --git a/0001-Fix-CVE-2024-25260.patch b/0001-Fix-CVE-2024-25260.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3722d175cb4cfc81d2987ab5335e07079e16c692
--- /dev/null
+++ b/0001-Fix-CVE-2024-25260.patch
@@ -0,0 +1,35 @@
+From 373f5212677235fc3ca6068b887111554790f944 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard
+Date: Mon, 13 Nov 2023 22:38:10 +0100
+Subject: [PATCH] backends: Fix arm_machine_flag_name version string.
+
+arm_machine_flag_name checks the version byte and if not zero returns
+a version string. There are only 5 versions defined. So check the
+version byte is not larger.
+
+ * backends/arm_machineflagname.c (arm_machine_flag_name):
+ Check version <= 0, otherwise return NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+
+Signed-off-by: Mark Wielaard
+---
+ backends/arm_machineflagname.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/backends/arm_machineflagname.c b/backends/arm_machineflagname.c
+index e93092ae..d700d5f4 100644
+--- a/backends/arm_machineflagname.c
++++ b/backends/arm_machineflagname.c
+@@ -48,7 +48,7 @@ arm_machine_flag_name (Elf64_Word orig, Elf64_Word *flagref)
+ "Version5 EABI",
+ };
+ *flagref &= ~((Elf64_Word) EF_ARM_EABIMASK);
+- return vername[version - 1];
++ return version <= 5 ? vername[version - 1] : NULL;
+ }
+ switch (EF_ARM_EABI_VERSION (orig))
+ {
+--
+2.43.5
+
diff --git a/elfutils.spec b/elfutils.spec
index 01a68bd5dbfd89c5a5a4c1bee1e26311169d6d63..b63970d76aaef1ffd5ba5406b6208fe3e7b3eb10 100644
--- a/elfutils.spec
+++ b/elfutils.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 %global source_url ftp://sourceware.org/pub/elfutils/%{version}/
 %global _gnu %{nil}
 %define __brp_remove_la_files %{nil}
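Review bot: On the new NULL path in arm_machine_flag_name, the `*flagref &= ~((Elf64_Word) EF_ARM_EABIMASK);` line just above the changed return has already cleared the EABI version bits, so an out-of-range version is removed from `*flagref` before the caller learns it was not recognised. If the caller reports leftover bits when it receives NULL (not visible in this hunk), the unknown version byte would go unreported. Doing the bound check ahead of the mask, and taking the limit from the table instead of the literal 5, avoids both problems: `if (version > sizeof vername / sizeof vername[0]) return NULL;` placed before the `*flagref &=` line. The embedded ChangeLog entry also reads `Check version <= 0` while the code tests `version <= 5`, which is worth a packaging comment so the mismatch is not mistaken for the intended bound. The function starts and ends outside the hunk, so the type of `version` and the guarding condition are assumed from the commit message.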
@@ -16,6 +16,8 @@ Source0: https://sourceware.org/elfutils/ftp/%{version}/%{name}-%{version} Source1: elfutils-debuginfod.sysusers Patch0: add-sw_64-support.patch +# https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944 +Patch1: 0001-Fix-CVE-2024-25260.patch Requires: elfutils-libelf = %{version}-%{release} Requires: elfutils-libs = %{version}-%{release} @@ -201,6 +203,7 @@ such servers to download those files on demand. %ifarch sw_64 %patch -P0 -p1 %endif +%patch -P1 -p1 autoreconf -f -v -i find . -name \*.sh ! -perm -0100 -print | xargs chmod +x @@ -357,6 +360,9 @@ exit 0 %systemd_postun_with_restart debuginfod.service %changelog +* Fri Jul 04 2025 Yang cheng - 0.190-3 +- add patch to fix CVE-2024-25260 + * Mon Mar 31 2025 xunian - 0.190-2 - add sw_64 support