diff --git a/SPECS/mtr/CVE-2025-49809.patch b/SPECS/mtr/CVE-2025-49809.patch
new file mode 100644
index 00000000000..0e5ebcbf6b6
--- /dev/null
+++ b/SPECS/mtr/CVE-2025-49809.patch
@@ -0,0 +1,39 @@
+From 2ea17da13083f5621327084d9229c48dd5160ac5 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <azurelinux-security@microsoft.com>
+Date: Tue, 15 Jul 2025 19:58:45 +0000
+Subject: [PATCH] Fix CVE CVE-2025-49809 in mtr
+
+Upstream Patch Reference: https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6.patch
+---
+ ui/cmdpipe.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
+index d22b236..1a66293 100644
+--- a/ui/cmdpipe.c
++++ b/ui/cmdpipe.c
+@@ -220,10 +220,17 @@ void execute_packet_child(
+        the path to the mtr-packet executable.  This is necessary
+        for debugging changes for mtr-packet.
+      */
+-    char *mtr_packet_path = getenv("MTR_PACKET");
+-    if (mtr_packet_path == NULL) {
++    char * mtr_packet_path = NULL; 
++
++    // In the rare case that mtr-packet is not setuid-root, 
++    // and a select group of users has sudo privileges to run 
++    // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
++    // to prevent a privilege escalation when one of those accounts
++    // is compromised.  CVE-2025-49809
++    if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
++        mtr_packet_path = getenv("MTR_PACKET");
++    if (mtr_packet_path == NULL)
+         mtr_packet_path = "mtr-packet";
+-    }
+ 
+     /*
+        First, try to execute mtr-packet from PATH
+-- 
+2.45.3
+
diff --git a/SPECS/mtr/mtr.spec b/SPECS/mtr/mtr.spec
index c0d21ffbe60..b018e42f9d5 100644
--- a/SPECS/mtr/mtr.spec
+++ b/SPECS/mtr/mtr.spec
@@ -3,7 +3,7 @@
 Summary: Network diagnostic tool combining 'traceroute' and 'ping'
 Name: mtr
 Version: 0.95
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,7 @@ Source0: https://github.com/traviscross/mtr/archive/v%{version}/%{name}-%{versio
 Source1: net-x%{name}.desktop
 Source2: mtr-gtk-pkexec-wrapper.sh
 Source3: org.fedoraproject.mtr.policy
+Patch0:CVE-2025-49809.patch
 
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool git
@@ -61,6 +62,9 @@ install -D -p -m 0755 mtr %{buildroot}%{_sbindir}/mtr
 %{_datadir}/bash-completion/completions/%{name}
 
 %changelog
+* Tue Jul 15 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 0.95-3
+- Patch for CVE-2025-49809
+
 * Mon Jul 22 2024 Aditya Dubey <adityadubey@microsoft.com> - 0.95-2
 - Promoting package from SPECS-EXTENDED to SPECS