diff --git a/0978918f7148fbcd3d05cc6573dae7859975a895.patch b/0978918f7148fbcd3d05cc6573dae7859975a895.patch
new file mode 100644
index 0000000..ccc27bd
--- /dev/null
+++ b/0978918f7148fbcd3d05cc6573dae7859975a895.patch
@@ -0,0 +1,24 @@
+diff -rupN --no-dereference assimp-5.3.1/code/AssetLib/Q3D/Q3DLoader.cpp assimp-5.3.1-new/code/AssetLib/Q3D/Q3DLoader.cpp
+--- assimp-5.3.1/code/AssetLib/Q3D/Q3DLoader.cpp	2023-09-25 16:46:51.000000000 +0200
++++ assimp-5.3.1-new/code/AssetLib/Q3D/Q3DLoader.cpp	2026-01-13 23:53:47.976634803 +0100
+@@ -55,6 +55,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ #include <assimp/DefaultLogger.hpp>
+ #include <assimp/IOSystem.hpp>
+ 
++#include <limits>
++
+ using namespace Assimp;
+ 
+ static const aiImporterDesc desc = {
+@@ -308,6 +310,11 @@ void Q3DImporter::InternReadFile(const s
+                     throw DeadlyImportError("Quick3D: Invalid texture. Width or height is zero");
+                 }
+ 
++                const unsigned int uint_max = std::numeric_limits<unsigned int>::max();
++                if (tex->mWidth > (uint_max / tex->mHeight)) {
++                    throw DeadlyImportError("Quick3D: Texture dimensions are too large, resulting in overflow.");
++                }
++
+                 unsigned int mul = tex->mWidth * tex->mHeight;
+                 aiTexel *begin = tex->pcData = new aiTexel[mul];
+                 aiTexel *const end = &begin[mul - 1] + 1;
diff --git a/assimp.spec b/assimp.spec
index 61961af..361d99e 100644
--- a/assimp.spec
+++ b/assimp.spec
@@ -2,7 +2,7 @@
 
 Name:           assimp
 Version:        5.3.1
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Library to import various 3D model formats into applications
 
 # Assimp is BSD
@@ -32,6 +32,8 @@ Patch2:         %{name}-5.2.5-nozlib.patch
 Patch3:         %{name}-5.1.0-doxyfile.patch
 # Enable ctest and correct the project version
 Patch4:         %{name}-5.3.1-tests.patch
+# Backport fix for CVE-2025-11277
+Patch5:         https://github.com/assimp/assimp/commit/0978918f7148fbcd3d05cc6573dae7859975a895.patch
 
 BuildRequires:  boost-devel
 BuildRequires:  cmake
@@ -118,7 +120,7 @@ BuildArch: noarch
 %{summary}.
 
 %prep
-%setup -q
+%autosetup -p1
 # Get rid of bundled libs so we can't accidently build against them
 rm -r contrib/android-cmake
 rm -r contrib/draco
@@ -128,12 +130,6 @@ rm -r contrib/rapidjson
 rm -r contrib/stb
 rm -r contrib/utf8cpp
 
-%patch 0 -p1 -b .unbundle
-%patch 1 -p1 -b .pythonpath
-%patch 2 -p1 -b .nozlib
-%patch 3 -p1 -b .doxyfile
-%patch 4 -p0 -b .tests
-
 mv contrib/openddlparser/LICENSE contrib/openddlparser/LICENSE.openddlparser
 
 %build
@@ -199,6 +195,9 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a
 %endif
 
 %changelog
+* Tue Jan 13 2026 Sandro Mani <manisandro@gmail.com> - 5.3.1-6
+- Backport fix for CVE-2025-11277
+
 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild