diff --git a/CVE-2025-5455-qtbase-5.15.patch b/CVE-2025-5455-qtbase-5.15.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9cee8646a19ec88d00c8a3434e277ccb2ca82744
--- /dev/null
+++ b/CVE-2025-5455-qtbase-5.15.patch
@@ -0,0 +1,20 @@
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index f14d399301f..83e59e3ac00 100644
+--- a/src/corelib/io/qdataurl.cpp
++++ b/src/corelib/io/qdataurl.cpp
+@@ -76,10 +76,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
+ }
+
+ if (data.toLower().startsWith("charset")) {
+- int i = 7; // strlen("charset")
+- while (data.at(i) == ' ')
+- ++i;
+- if (data.at(i) == '=')
++ int prefixSize = 7; // strlen("charset")
++ QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
++ while (copy.startsWith(QLatin1String(" ")))
++ copy = copy.mid(1);
++ if (copy.startsWith(QLatin1String("=")))
+ data.prepend("text/plain;");
+ }
+
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index 32fc6bae102330a4330155682389ee44d33d4344..9da3dd2a8573e24e5f768946860660d2bbf73aaa 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -13,7 +13,7 @@ Name: qt5-qtbase
 Summary: Core component of Qt toolkit
 Version: 5.11.1
-Release: 22
+Release: 23
 License: LGPLv2 with exceptions or GPLv3 with exceptions
 Url: http://qt-project.org/
 Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@@ -58,6 +58,7 @@ Patch6013: qtbase5.11.1-CVE-2023-38197.patch
 Patch6014: qtbase5.11.1-CVE-2023-43114.patch
 Patch6015: qtbase5.11.1-CVE-2023-51714.patch
 Patch6016: CVE-2023-45935.patch
+Patch6017: CVE-2025-5455-qtbase-5.15.patch
 BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
 BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa) 
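Review bot: In the added qdataurl.cpp change, `copy` is a non-owning QLatin1String view over `data`'s buffer rather than a copy, and the `data.prepend("text/plain;")` two lines later can reallocate that buffer. The view is not read after the prepend, so the code is correct as written, and the bounded `startsWith` calls are what replace the old unchecked `data.at(i)` indexing when the type part is exactly "charset" or is followed only by spaces. I would record the lifetime constraint next to the declaration, `// view into data, not a copy: must not be used after data.prepend()`, or rename the local to something like `rest`. The patch file is labelled for 5.15 while the spec builds 5.11.1, so it is worth confirming in the build log that it applies without fuzz; qDecodeDataUrl's body starts and ends outside the hunk.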
@@ -162,7 +163,6 @@ test -x configure || chmod +x configure
 sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \
 bin/fixqt4headers.pl bin/syncqt.pl mkspecs/features/data/unix/findclasslist.pl
-
 %build
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
 RPM_OPT_FLAGS="$RPM_OPT_FLAGS %{?qt5_arm_flag} %{?qt5_deprecated_flag} %{?qt5_null_flag}"
@@ -425,6 +425,9 @@ fi
 %changelog
+* Sat Jun 07 2025 Funda Wang - 5.11.1-23
+- fix CVE-2025-5455
+
 * Wed Apr 24 2024 lvfei - 5.11.1-22
 - Fix CVE-2023-45935