diff --git a/CVE-2025-11277.patch b/CVE-2025-11277.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2a679fc48ba0b5def9900970d666ef17046e9850
--- /dev/null
+++ b/CVE-2025-11277.patch
@@ -0,0 +1,38 @@
+From eeae4d2b61c545fdfd3784bb9358a09cd9c4c606 Mon Sep 17 00:00:00 2001
+From: root <root@localhost.localdomain>
+Date: Thu, 20 Nov 2025 08:57:03 +0800
+Subject: [PATCH] Fix CVE-2025-11277
+
+---
+ code/AssetLib/Q3D/Q3DLoader.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/code/AssetLib/Q3D/Q3DLoader.cpp b/code/AssetLib/Q3D/Q3DLoader.cpp
+index c773bbf..36e7924 100644
+--- a/code/AssetLib/Q3D/Q3DLoader.cpp
++++ b/code/AssetLib/Q3D/Q3DLoader.cpp
+@@ -55,6 +55,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #include <assimp/DefaultLogger.hpp>
+ #include <assimp/IOSystem.hpp>
+ 
++#include <limits>
++
+ using namespace Assimp;
+ 
+ static const aiImporterDesc desc = {
+@@ -302,6 +304,12 @@ void Q3DImporter::InternReadFile(const std::string &pFile,
+                     throw DeadlyImportError("Quick3D: Invalid texture. Width or height is zero");
+                 }
+ 
++		const unsigned int uint_max = std::numeric_limits<unsigned int>::max();
++                if (tex->mWidth > (uint_max / tex->mHeight)) {
++                    throw DeadlyImportError("Quick3D: Texture dimensions are too large, resulting in overflow.");
++                }
++
++
+                 unsigned int mul = tex->mWidth * tex->mHeight;
+                 aiTexel *begin = tex->pcData = new aiTexel[mul];
+                 aiTexel *const end = &begin[mul - 1] + 1;
+-- 
+2.33.0
+
diff --git a/assimp.spec b/assimp.spec
index 0e376ea9efb1600c19d27d1a6e70b442636322a4..9e84fd8ac47907ebb863525222fae6d4661a70b3 100644
--- a/assimp.spec
+++ b/assimp.spec
@@ -1,6 +1,6 @@
 Name:          assimp
 Version:       5.2.4
-Release:       7
+Release:       8
 Summary:       Library to load and process various 3D model formats into applications.
 License:       BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
 URL:           http://www.assimp.org/
@@ -14,6 +14,7 @@ Patch0006:     CVE-2025-3015.patch
 Patch0007:     CVE-2025-3016.patch
 Patch0008:     CVE-2025-3159.patch
 Patch0009:     CVE-2025-3160.patch
+Patch0010:     CVE-2025-11277.patch
 
 BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
 BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config)
@@ -92,6 +93,12 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
 %{python3_sitelib}/pyassimp
 
 %changelog
+* Thu Nov 20 2025 caohongtao <caohongtao@cmss.chinamobile.com> - 5.2.4-8
+- Type:CVE
+- CVE:CVE-2025-11277
+- SUG:NA
+- DESC:fix CVE-2025-11277
+
 * Fri Apr 4 2025 changtao <changtao@kylinos.cn> - 5.2.4-7
 - Type:CVE
 - CVE:CVE-2025-3160 CVE-2025-3159