diff --git a/fix-CVE-2025-9810.patch b/fix-CVE-2025-9810.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d8b81a443d72496911d7476c0a2ec11ac7c68a78
--- /dev/null
+++ b/fix-CVE-2025-9810.patch
@@ -0,0 +1,14 @@
+diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c
+index ccf5c55..7609be2 100644
+--- a/deps/linenoise/linenoise.c
++++ b/deps/linenoise/linenoise.c
+@@ -1194,7 +1194,7 @@ int linenoiseHistorySave(const char *filename) {
+     fp = fopen(filename,"w");
+     umask(old_umask);
+     if (fp == NULL) return -1;
+-    chmod(filename,S_IRUSR|S_IWUSR);
++    fchmod(fileno(fp),S_IRUSR|S_IWUSR);
+     for (j = 0; j < history_len; j++)
+         fprintf(fp,"%s\n",history[j]);
+     fclose(fp);
+
diff --git a/redis.spec b/redis.spec
index 1272e499472ba2db33092aa5d24e8793459c8ea6..c3bc479a3105f0cfdea42d61a9def3268c8e6d13 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 #
 # RHEL / Fedora spec file for redis
 #
@@ -56,6 +56,8 @@ Patch1000:  1000-anolis-redis-add-loongarch-support.patch
 # add sw support
 Patch1001:  1001-anolis-redis-add-sw.patch
 
+Patch1002:  fix-CVE-2025-9810.patch
+
 BuildRequires:     gcc
 %if %{with tests}
 BuildRequires:     procps-ng
@@ -141,6 +143,7 @@ mv ../%{name}-doc-%{doc_commit} doc
 
 %patch1000 -p1
 %patch1001 -p1
+%patch1002 -p1
 
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
 mv deps/jemalloc/COPYING COPYING-jemalloc
@@ -291,6 +294,9 @@ exit 0
 
 
 %changelog
+* Mon Sep 22 2025 Zhipeng Chen <chenzhipeng@cqsoftware.com.cn> - 6.2.19-1.0.2
+- fix CVE-2025-9810
+
 * Tue Jul 29 2025 Liwei Ge <geliwei@openanolis.org> - 6.2.19-1.0.1
 - Support loongarch64 platform
 - cherry-pick `add sw patch $cbad809d90a96439e196e8610d5b1868bcca5d3d`. (nijie@wxiat.com)