diff --git a/libxcrypt-4.4.23.tar.gz b/libxcrypt-4.4.23.tar.gz
deleted file mode 100644
index e98edff..0000000
--- a/libxcrypt-4.4.23.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9cbbcb795ed5d121a1613eb0e40c77173b53e15a746796fc7cd7bd71cfd64533
-size 536009
diff --git a/libxcrypt-4.4.25.tar.gz b/libxcrypt-4.4.25.tar.gz
new file mode 100644
index 0000000..f500e82
--- /dev/null
+++ b/libxcrypt-4.4.25.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:caea3d032a46c4855ff818637884c7f5719ad228b79387b62ee023c8fbef17b4
+size 523797
diff --git a/libxcrypt.changes b/libxcrypt.changes
index 5fc686d..9b18d5e 100644
--- a/libxcrypt.changes
+++ b/libxcrypt.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Aug 18 10:22:27 UTC 2021 - Andreas Schwab <schwab@suse.de>
+
+- Update to 4.4.25
+  * Fix several issues found by Covscan in the testsuite.  These include:
+    - CWE-170: String not null terminated (STRING_NULL)
+    - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
+    - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
+    - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
+    - CWE-573: Missing varargs init or cleanup (VARARGS)
+    - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
+  * Stricter checking of invalid salt characters (issue #135).
+
 -------------------------------------------------------------------
 Thu Jun 24 08:48:06 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/libxcrypt.spec b/libxcrypt.spec
index 7233582..81eebdd 100644
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@@ -17,7 +17,7 @@
 
 
 Name:           libxcrypt
-Version:        4.4.23
+Version:        4.4.25
 Release:        0
 Summary:        Extended crypt library for DES, MD5, Blowfish and others
 License:        BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain