diff --git a/CVE-2025-2751.patch b/CVE-2025-2751.patch
new file mode 100644
index 0000000000000000000000000000000000000000..437916fc12ecbed55ac14997a66b775dd4365331
--- /dev/null
+++ b/CVE-2025-2751.patch
@@ -0,0 +1,41 @@
+From 177797c77b027a6de080fb3bacbd8822617e11d8 Mon Sep 17 00:00:00 2001
+From: Vinz Spring
+Date: Sun, 8 Jun 2025 12:10:12 +0200
+Subject: [PATCH] Fixes CVE-2025-2751: Out-of-bounds Read in
+ Assimp::CSMImporter::InternReadFile (closes #6012) (#6224)
+
+description:
+issue:
+- https://github.com/assimp/assimp/blob/4ad1d2aa3086517816716a50aa122342806736f9/code/AssetLib/CSM/CSMLoader.cpp#L274C1-L275C1
+- sometimes the code tried to construct a new 4x4 matrix from a nullptr, thus reading out of bounds
+
+fix:
+- added nullptr check
+- added array count check
+- added default fallback init to identity matrix
+
+Co-authored-by: Vinz Spring
+Co-authored-by: Kim Kulling
+---
+ code/AssetLib/CSM/CSMLoader.cpp | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/code/AssetLib/CSM/CSMLoader.cpp b/code/AssetLib/CSM/CSMLoader.cpp
+index 6ea3f8ef9a..497dc0aeb6 100644
+--- a/code/AssetLib/CSM/CSMLoader.cpp
++++ b/code/AssetLib/CSM/CSMLoader.cpp
+@@ -271,7 +271,13 @@ void CSMImporter::InternReadFile( const std::string& pFile,
+ nd->mName = anim->mChannels[i]->mNodeName;
+ nd->mParent = pScene->mRootNode;
+
+- aiMatrix4x4::Translation(na->mPositionKeys[0].mValue, nd->mTransformation);
++ if (na->mPositionKeys != nullptr && na->mNumPositionKeys > 0) {
++ aiMatrix4x4::Translation(na->mPositionKeys[0].mValue, nd->mTransformation);
++ } else {
++ // Use identity matrix if no valid position data is available
++ nd->mTransformation = aiMatrix4x4();
++ DefaultLogger::get()->warn("CSM: No position keys available for node - using identity transformation");
++ }
+ }
+
+ // Store the one and only animation in the scene
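Review bot: The fallback branch logs through `DefaultLogger::get()->warn(...)` while the MD2 patch in this same change set uses the `ASSIMP_LOG_WARN` macro, and the message does not say which node was affected although `nd->mName` is assigned two lines above it. `ASSIMP_LOG_WARN("CSM: No position keys available for node ", nd->mName.C_Str(), " - using identity transformation");` keeps the logging style uniform and makes a malformed input file easier to triage from the log alone. The `mPositionKeys != nullptr` test is only redundant with `mNumPositionKeys > 0` if the allocation site always pairs the two; that site is outside the hunk, so keeping both tests is the safe choice. InternReadFile continues on both sides of this hunk.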
diff --git a/CVE-2025-3158.patch b/CVE-2025-3158.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b5154e5efc9a38a00bac11e91bfd7ac2972af324
--- /dev/null
+++ b/CVE-2025-3158.patch
@@ -0,0 +1,28 @@
+From 357b5baabbd0af01cbe712c6506ee1d06d2da8de Mon Sep 17 00:00:00 2001
+From: Vinz Spring
+Date: Sun, 8 Jun 2025 14:02:04 +0200
+Subject: [PATCH] fix-CVE-2025-3158: closes #6023 Fixes CVE-2025-3158:
+ Heap-based Buffer Overflow in Assimp::LWO::AnimResolver::UpdateAnimRangeSetup
+ (#6222)
+
+- changed loop-condition to reflect the fact that m must be smaller than n
+
+Co-authored-by: Vinz Spring
+Co-authored-by: Kim Kulling
+---
+ code/AssetLib/LWO/LWOAnimation.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/code/AssetLib/LWO/LWOAnimation.cpp b/code/AssetLib/LWO/LWOAnimation.cpp
+index 432dc4cabd..f6cfd6a853 100644
+--- a/code/AssetLib/LWO/LWOAnimation.cpp
++++ b/code/AssetLib/LWO/LWOAnimation.cpp
+@@ -212,7 +212,7 @@ void AnimResolver::UpdateAnimRangeSetup() {
+ unsigned int tt = 1;
+ for (const double tmp = delta * (num + 1); cur_minus <= tmp; cur_minus += delta, ++tt) {
+ m = (delta == tmp ? (*it).keys.begin() : n - (old_size + 1));
+- for (; m != n; --n) {
++ for (; m < n; --n) {
+ (*n).time -= cur_minus;
+
+ // offset repeat? add delta offset to key value
diff --git a/CVE-2025-3196.patch b/CVE-2025-3196.patch
new file mode 100644
index 0000000000000000000000000000000000000000..39645f6101a5338553cbcb6d7662073655fbee29
--- /dev/null
+++ b/CVE-2025-3196.patch
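Review bot: The new `m < n` condition stops the inner loop once `n` has already been stepped below `m`, but the line just above it, `m = (delta == tmp ? (*it).keys.begin() : n - (old_size + 1));`, can still form an iterator before `keys.begin()` when fewer than `old_size + 1` keys remain in front of `n`, and forming such an iterator is undefined for vector iterators even when it is never dereferenced. Comparing the distance `n - (*it).keys.begin()` against `old_size + 1` before the subtraction and falling back to `(*it).keys.begin()` when it is smaller would keep every iterator inside the range and make the `<` test purely defensive; whether that preserves the intended key placement has to be checked against the rest of UpdateAnimRangeSetup, which lies outside the hunk on both sides. The change also relies on `keys` being random-access, which the existing `n - (old_size + 1)` arithmetic already assumes.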
@@ -0,0 +1,50 @@
+From 7eb6b0c3dbc2ee59b58c98f43e5ac438cc7f6883 Mon Sep 17 00:00:00 2001
+From: Vinz Spring
+Date: Sat, 31 May 2025 14:27:10 +0200
+Subject: [PATCH] fix: closes #6069 CVE-2025-3196 (#6154)
+
+* fix: closes #6069 CVE-2025-3196
+
+* fix: updated patch for upstream symbol names
+
+* fix: warning C4267
+
+---------
+
+Co-authored-by: Vinz Jarl Valentin Spring
+Co-authored-by: Kim Kulling
+Co-authored-by: Vinz Spring
+---
+ code/AssetLib/MD2/MD2Loader.cpp | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/code/AssetLib/MD2/MD2Loader.cpp b/code/AssetLib/MD2/MD2Loader.cpp
+index bec3a2cc88..942bc6177c 100644
+--- a/code/AssetLib/MD2/MD2Loader.cpp
++++ b/code/AssetLib/MD2/MD2Loader.cpp
+@@ -319,16 +319,22 @@ void MD2Importer::InternReadFile( const std::string& pFile,
+ clr.b = clr.g = clr.r = 0.05f;
+ pcHelper->AddProperty(&clr, 1,AI_MATKEY_COLOR_AMBIENT);
+
+- if (pcSkins->name[0])
++ const ai_uint32 MaxNameLength = MAXLEN - 1; // one byte reserved for \0
++ ai_uint32 iLen = static_cast(::strlen(pcSkins->name));
++ bool nameTooLong = iLen > MaxNameLength;
++
++ if (pcSkins->name[0] && !nameTooLong)
+ {
+ aiString szString;
+- const ai_uint32 iLen = (ai_uint32) ::strlen(pcSkins->name);
+- ::memcpy(szString.data,pcSkins->name,iLen);
++ ::memcpy(szString.data, pcSkins->name, iLen);
+ szString.data[iLen] = '\0';
+ szString.length = iLen;
+
+ pcHelper->AddProperty(&szString,AI_MATKEY_TEXTURE_DIFFUSE(0));
+ }
++ else if (nameTooLong) {
++ ASSIMP_LOG_WARN("Texture file name is too long. It will be skipped.");
++ }
+ else{
+ ASSIMP_LOG_WARN("Texture file name has zero length. It will be skipped.");
+ }
diff --git a/assimp.spec b/assimp.spec
index 2804c5bceba1ee1a5af3e975f7f136d191c00ac0..1906d56a5278cad4651a8418470dd3a994589db8 100644
--- a/assimp.spec
+++ b/assimp.spec
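Review bot: `ai_uint32 iLen = static_cast(::strlen(pcSkins->name));` has no template argument as it appears here and would not compile; the intended form is presumably `static_cast<ai_uint32>(::strlen(pcSkins->name))` with the angle brackets lost in extraction, so verify the patch file on disk before building. Separately, the new length check caps what is copied into `szString.data`, but `::strlen` itself still scans until the first NUL, so if `pcSkins->name` is a fixed-size character array filled from the input file with no guaranteed terminator, the scan can run past the skin record before the `> MaxNameLength` test is ever reached; `::strnlen(pcSkins->name, sizeof(pcSkins->name))` (when `name` is an array rather than a pointer) bounds the read to the record and the existing check then applies unchanged. With `MaxNameLength = MAXLEN - 1`, the `szString.data[iLen] = '\0'` write stays inside a `MAXLEN`-byte buffer, which is correct. InternReadFile continues on both sides of this hunk.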
@@ -1,6 +1,6 @@ Name: assimp Version: 5.3.1 -Release: 9 +Release: 10 Summary: Library to load and process various 3D model formats into applications. License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0 URL: http://www.assimp.org/ @@ -25,6 +25,9 @@ Patch10: CVE-2025-3015.patch Patch11: CVE-2025-3016.patch Patch12: CVE-2025-3159.patch Patch13: CVE-2025-3160.patch +Patch14: CVE-2025-2751.patch +Patch15: CVE-2025-3158.patch +Patch16: CVE-2025-3196.patch BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib) @@ -104,6 +107,12 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass %{python3_sitelib}/pyassimp %changelog +* Mon Jul 07 2025 Funda Wang - 5.3.1-10 +- Type:CVE +- CVE:CVE-2025-2751 CVE-2025-3158 CVE-2025-3196 +- SUG:NA +- DESC:fix CVE-2025-2751 CVE-2025-3158 CVE-2025-3196 + * Fri Apr 4 2025 changtao - 5.3.1-9 - Type:CVE - CVE:CVE-2025-3160 CVE-2025-3159
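Review bot: Patch14, Patch15 and Patch16 are declared in the second hunk, but nothing in this diff shows them being applied; if the %prep section of this spec lists patches explicitly with `%patch` lines rather than `%autosetup`, three matching entries are needed, otherwise 5.3.1-10 builds and ships without the three fixes the changelog announces. The patches carry a/ and b/ path prefixes, so they apply at strip level 1. %prep is outside this diff, so this may already be handled.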