diff --git a/SPECS/jq/CVE-2025-9403.patch b/SPECS/jq/CVE-2025-9403.patch
new file mode 100644
index 00000000000..0ff9b3a8a31
--- /dev/null
+++ b/SPECS/jq/CVE-2025-9403.patch
@@ -0,0 +1,35 @@
+From 33b3a68f9c32413cf3a1afa76addf0dd64c2922b Mon Sep 17 00:00:00 2001
+From: itchyny
+Date: Tue, 4 Nov 2025 21:21:21 +0900
+Subject: [PATCH] Fix expected value assertion (fix #3430, ref #3393) (#3431)
+
+Upstream patch reference: https://github.com/jqlang/jq/commit/33b3a68f9c32413cf3a1afa76addf0dd64c2922b.patch
+
+---
+ src/jq_test.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/jq_test.c b/src/jq_test.c
+index 3945686..9fa370a 100644
+--- a/src/jq_test.c
++++ b/src/jq_test.c
+@@ -208,9 +208,14 @@ static void run_jq_tests(jv lib_dirs, int verbose, FILE *testdata, int skip, int
+ printf(" for test at line number %u: %s\n", lineno, prog);
+ pass = 0;
+ }
+- jv as_string = jv_dump_string(jv_copy(expected), rand() & ~(JV_PRINT_COLOR|JV_PRINT_REFCOUNT));
++ jv as_string = jv_dump_string(jv_copy(expected), 0);
+ jv reparsed = jv_parse_sized(jv_string_value(as_string), jv_string_length_bytes(jv_copy(as_string)));
+- assert(jv_equal(jv_copy(expected), jv_copy(reparsed)));
++ if (!jv_equal(jv_copy(expected), jv_copy(reparsed))) {
++ printf("*** Expected result should be equal after reparsing, but got ");
++ jv_dump(jv_copy(reparsed), 0);
++ printf(" for test at line %u: %s\n", lineno, buf);
++ pass = 0;
++ }
+ jv_free(as_string);
+ jv_free(reparsed);
+ jv_free(expected);
+--
+2.45.4
+
diff --git a/SPECS/jq/jq.spec b/SPECS/jq/jq.spec
index b3d1f342ebc..04724329b7f 100644
--- a/SPECS/jq/jq.spec
+++ b/SPECS/jq/jq.spec
@@ -1,7 +1,7 @@
 Summary: jq is a lightweight and flexible command-line JSON processor.
 Name: jq
 Version: 1.7.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 Group: Applications/System
 Vendor: Microsoft Corporation
 License: MIT
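Review bot: Nothing in the header of the new SPECS/jq/CVE-2025-9403.patch says what the CVE is or why this upstream commit resolves it; the subject only reads "Fix expected value assertion", so the file name is the sole link between the two. I would add one line under the upstream reference, for example `Addresses CVE-2025-9403: the assert() on the dump/reparse round-trip of the expected value in run_jq_tests() becomes a reported test failure.` That also records the scope for later audits: the only code touched is src/jq_test.c, so the change appears to be confined to the test runner rather than jq's normal filter path. run_jq_tests() starts and ends outside the embedded hunk, so how `expected` is validated before this point was not reviewed here.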
@@ -16,6 +16,7 @@ Patch5: CVE-2026-33948.patch
 Patch6: CVE-2026-39956.patch
 Patch7: CVE-2026-39979.patch
 Patch8: CVE-2026-40164.patch
+Patch9: CVE-2025-9403.patch
 Distribution: Azure Linux
 BuildRequires: bison
 BuildRequires: chrpath
@@ -69,6 +70,9 @@ make check
 %{_includedir}/*
 %changelog
+* Tue May 12 2026 Vijayender Putta - 1.7.1-6
+- Patch for CVE-2025-9403
+
 * Fri Apr 17 2026 Azure Linux Security Servicing Account - 1.7.1-5
 - Patch for CVE-2026-40164, CVE-2026-39979, CVE-2026-39956, CVE-2026-33948, CVE-2026-33947, CVE-2026-32316
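Review bot: The `Patch9:` line in the -16,6 hunk only declares the patch, and no hunk in this diff touches %prep, so whether CVE-2025-9403.patch is actually applied cannot be confirmed from what is shown. If %prep uses `%autosetup -p1` the declaration is sufficient; if it lists patches individually, a matching `%patch -P 9 -p1` is needed, otherwise the package ships as release 6 with the changelog entry but without the fix. A build log showing the patch being applied would settle it.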