diff --git a/mod_wsgi-4.7.1-CVE-2022-2255.patch b/mod_wsgi-4.7.1-CVE-2022-2255.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d0cc187b9ff86de7b84defe2a1b94b71f58ad2a3
--- /dev/null
+++ b/mod_wsgi-4.7.1-CVE-2022-2255.patch
@@ -0,0 +1,23 @@
+From af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 Mon Sep 17 00:00:00 2001
+From: Graham Dumpleton
+Date: Mon, 18 Jul 2022 12:29:38 +1000
+Subject: [PATCH] Add fix to ensure that X-Client-IP header is dropped when is
+ not a trusted header.
+
+---
+ src/server/mod_wsgi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/server/mod_wsgi.c b/src/server/mod_wsgi.c
+index 0123472b..a4b49df1 100644
+--- a/src/server/mod_wsgi.c
++++ b/src/server/mod_wsgi.c
+@@ -14055,6 +14055,7 @@ static void wsgi_process_proxy_headers(request_rec *r)
+ name = ((const char**)trusted_proxy_headers->elts)[i];
+ 
+ if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
++ !strcmp(name, "HTTP_X_CLIENT_IP") ||
+ !strcmp(name, "HTTP_X_REAL_IP")) {
+ 
+ match_client_header = 1;
+
diff --git a/mod_wsgi.spec b/mod_wsgi.spec
index 247a9a7cdfb66a4fa13b01c67de128bf86d7dfe3..6a20cebc9b6ac2290ccdab897e85df3017cd0b84 100644
--- a/mod_wsgi.spec
+++ b/mod_wsgi.spec
@@ -15,7 +15,7 @@ Name: mod_wsgi
 Version: 4.7.1
-Release: 7%{?dist}
+Release: 7%{?dist}.1
 Summary: A WSGI interface for Python web applications in Apache
 License: ASL 2.0
 URL: https://modwsgi.readthedocs.io/
@@ -25,6 +25,7 @@ Source2: wsgi-python3.conf
 Patch1: mod_wsgi-4.5.20-exports.patch
 Patch2: mod_wsgi-4.9.1-request-limit.patch
 Patch3: mod_wsgi-4.7.1-remove-rpath.patch
+Patch4: mod_wsgi-4.7.1-CVE-2022-2255.patch
 # Exclude i686 arch. Due to a modularity issue it's being added to the
 # x86_64 compose of CRB, but we don't want to ship it at all.
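Review bot: The inner hunk's lines from `+ name = ((const char**)trusted_proxy_headers->elts)[i];` through `+ match_client_header = 1;` appear here with their leading indentation collapsed to a single space, and if the committed file really reads this way `patch -p1` rejects the hunk on context mismatch and the CVE-2022-2255 fix silently never reaches the built module; this may only be how the page renders the file, so confirm the committed .patch keeps mod_wsgi.c's original whitespace (a `%prep` build log showing the hunk applied without fuzz settles it). The enclosing function `wsgi_process_proxy_headers` begins and ends outside the inner hunk, so the code that acts on `match_client_header` and actually drops the untrusted header is not visible here. The `From:` line carries no e-mail address, which also looks like rendering loss; the committed file should be the verbatim format-patch output of upstream af3c0c2 so provenance of the backport stays checkable.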
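Review bot: `Patch4:` is declared on the new line but the diff contains no `%prep` change, so if this spec applies patches with explicit `%patchN -p1` directives rather than `%autosetup`/`%autopatch`, Patch4 is listed yet never applied and the package ships at Release 7.1 without the CVE-2022-2255 fix; `%prep` is outside the diff, so confirm it, or add `%patch4 -p1` beside the existing directives. A one-line comment above the tag would also tell the next maintainer why the patch exists without opening it: `# CVE-2022-2255: drop X-Client-IP unless it is a configured trusted proxy header (upstream af3c0c2)`.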
@@ -179,6 +180,10 @@ ln -s %{_bindir}/mod_wsgi-express-2 $RPM_BUILD_ROOT%{_bindir}/mod_wsgi-express
 %endif
 %changelog
+* Wed Apr 30 2025 Luboš Uhliarik - 4.7.1-7.1
+- Resolves: RHEL-87514 - CVE-2022-2255 python39:3.9/mod_wsgi: Trusted
+ Proxy Headers Removing Bypass
+
 * Fri Jul 14 2023 Charalampos Stratakis - 4.7.1-7
+- Bump release for rebuild
 Resolves: rhbz#2213595