diff --git a/CVE-2025-64181.patch b/CVE-2025-64181.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b64ee7fab1a3ce2651368f70c7a7402f6ab6cdf2
--- /dev/null
+++ b/CVE-2025-64181.patch
@@ -0,0 +1,37 @@
+From 72aa3e78acfb99eacae8bfae8bf4e4831634db11 Mon Sep 17 00:00:00 2001
+From: peterhillman
+Date: Fri, 31 Oct 2025 10:51:11 +1300
+Subject: [PATCH] verify packed/unpacked size with uncompressed data (#2162)
+
+Origin: https://github.com/AcademySoftwareFoundation/openexr/commit/72aa3e78acfb99eacae8bfae8bf4e4831634db11
+
+Signed-off-by: Peter Hillman
+Co-authored-by: Cary Phillips
+---
+ src/lib/OpenEXRCore/chunk.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/lib/OpenEXRCore/chunk.c b/src/lib/OpenEXRCore/chunk.c
+index b88db5e..2efe49b 100644
+--- a/src/lib/OpenEXRCore/chunk.c
++++ b/src/lib/OpenEXRCore/chunk.c
+@@ -1301,6 +1301,16 @@ exr_read_tile_chunk_info (
+ EXR_ERR_INVALID_ARGUMENT,
+ "Invalid packed size of 0");
+
++ if (part->comp_type == EXR_COMPRESSION_NONE &&
++ cinfo->packed_size != cinfo->unpacked_size)
++ {
++ return pctxt->print_error (
++ pctxt,
++ EXR_ERR_BAD_CHUNK_LEADER,
++ "Mismatch between unpacked and packed size with uncompressed data: packed is %" PRIu64 "; unpacked is %" PRIu64,
++ cinfo->packed_size, cinfo->unpacked_size);
++ }
++
+ return EXR_ERR_SUCCESS;
+ }
+
+--
+2.51.2
+
diff --git a/OpenEXR.spec b/OpenEXR.spec
index ba2c386a77b63a040008fcbb6269943ebec00be0..2c7610793479c7e719ff169dddfff72433476768 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
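Review bot: The size-equality check in the embedded chunk.c hunk is placed at the tail of `exr_read_tile_chunk_info`, so it covers tile chunks only; nothing visible here shows the scanline chunk reader rejecting `packed_size != unpacked_size` for `EXR_COMPRESSION_NONE`, and that should be confirmed in the 3.1.11 source before the CVE is considered closed. The hunk is anchored only by the function's last few lines (`"Invalid packed size of 0"`, `return EXR_ERR_SUCCESS;`, `}`) at upstream offset 1301 while the spec stays on 3.1.11, so check the %prep output to make sure it applies without fuzz and lands in the tile function rather than another function ending the same way. A short why-comment above the check would help later backports, e.g. `/* with no compression the stored chunk size must equal the unpacked size */`. The function body begins outside the hunk, so whether `unpacked_size` is file-supplied or computed at this point cannot be judged from here.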
@@ -1,13 +1,14 @@ Name: OpenEXR Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Version: 3.1.11 -Release: 3 +Release: 4 License: BSD-3-Clause URL: http://www.openexr.com/ Source0: https://github.com/AcademySoftwareFoundation/openexr/archive/v%{version}/openexr-%{version}.tar.gz # https://github.com/AcademySoftwareFoundation/openexr/commit/df4d77471f2722025011da2e699d581d1e757f6b Patch0: CVE-2023-5841.patch Patch1: CVE-2024-31047.patch +Patch2: CVE-2025-64181.patch BuildRequires: gcc-c++ zlib-devel pkgconfig python3-devel BuildRequires: cmake gcc boost-devel pkgconfig(Imath) @@ -75,6 +76,9 @@ EXCLUDE_REGEX='DWA[AB]Compression' %{_libdir}/pkgconfig/OpenEXR.pc %changelog +* Wed Nov 19 2025 wangkai <13474090681@163.com> - 3.1.11-4 +- Fix CVE-2025-64181 + * Wed Apr 17 2024 wangkai <13474090681@163.com> - 3.1.11-3 - Fix CVE-2024-31047