diff --git a/python-tornado6.changes b/python-tornado6.changes
index 923e9f7..b89fa4f 100644
--- a/python-tornado6.changes
+++ b/python-tornado6.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri May 16 09:23:08 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 6.5.0 (CVE-2025-47287, bsc#1243268):
+  * Security Improvements:
+    - Previously, malformed multipart-form-data requests could log
+      multiple warnings and constitute a denial-of-service attack. Now
+      an exception is raised at the first error, so there is only one
+      log message per request. This fixes CVE-2025-47287.
+  * General Changes:
+    - Python 3.14 is now supported. Older versions of Tornado will
+      work on Python 3.14 but may log deprecation warnings.
+    - The free-threading mode of Python 3.13 is now supported on an
+      experimental basis. Prebuilt wheels are not yet available for
+      this configuration, but it can be built from source.
+    - The minimum supported Python version is 3.9.
+  * Deprecation Notices:
+    - Support for obs-fold continuation lines in HTTP headers is
+      deprecated and will be removed in Tornado 7.0, as is the use of
+      carriage returns without line feeds as header separators.
+    - The callback argument to websocket_connect is deprecated and
+      will be removed in Tornado 7.0. Note that on_message_callback is
+      not deprecated.
+    - The log_message and args attributes of tornado.web.HTTPError are
+      deprecated. Use the new get_message method instead.
+
 -------------------------------------------------------------------
 Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
 
diff --git a/python-tornado6.spec b/python-tornado6.spec
index 20425e7..0648beb 100644
--- a/python-tornado6.spec
+++ b/python-tornado6.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-tornado6
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-tornado6
-Version:        6.4.2
+Version:        6.5
 Release:        0
 Summary:        Open source version of scalable, non-blocking web server that power FriendFeed
 License:        Apache-2.0
diff --git a/tornado-6.4.2.tar.gz b/tornado-6.4.2.tar.gz
deleted file mode 100644
index 913eb6c..0000000
--- a/tornado-6.4.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b
-size 501135
diff --git a/tornado-6.5.tar.gz b/tornado-6.5.tar.gz
new file mode 100644
index 0000000..ea35ab3
--- /dev/null
+++ b/tornado-6.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c70c0a26d5b2d85440e4debd14a8d0b463a0cf35d92d3af05f5f1ffa8675c826
+size 508968