diff --git a/pkgs/by-name/co/corosync/package.nix b/pkgs/by-name/co/corosync/package.nix
index 6225fa443c8e..d640734c7b51 100644
--- a/pkgs/by-name/co/corosync/package.nix
+++ b/pkgs/by-name/co/corosync/package.nix
@@ -2,6 +2,7 @@
   lib,
   stdenv,
   fetchurl,
+  fetchpatch2,
   makeWrapper,
   pkg-config,
   kronosnet,
@@ -32,6 +33,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-IDNUu93uGpezxQoHbq6JxjX0Bt1nTMrvyUu5CSrNlTU=";
   };
 
+  patches = [
+    (fetchpatch2 {
+      name = "CVE-2025-30472.patch";
+      url = "https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a.patch??full_index=1";
+      hash = "sha256-EgGTfOM9chjLnb1QWNGp6IQQKQGdetNkztdddXlN/uo=";
+    })
+  ];
+
   nativeBuildInputs = [
     makeWrapper
     pkg-config