diff --git a/CHANGES.rst b/CHANGES.rst index acc90a38d..07b533488 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -2,6 +2,13 @@ Changelog (Pillow) ================== +6.2.2.5 (date TBD) +------------------ + +- Fix CVE-2020-35654 +[rickprice] + + 6.2.2.4 (2023-03-29) ------------------ @@ -14,8 +21,10 @@ since Pillow 4.3.0. - Fix CVE-2021-27921 [rickprice] + - Fix CVE-2021-27922 [rickprice] + - Fix CVE-2021-27923 [rickprice] diff --git a/docs/releasenotes/6.2.2.5.rst b/docs/releasenotes/6.2.2.5.rst new file mode 100644 index 000000000..f8eef2065 --- /dev/null +++ b/docs/releasenotes/6.2.2.5.rst @@ -0,0 +1,11 @@ +6.2.2.4 +------- + +Security +======== + +This release addresses several critical CVEs. + +:cve:`CVE-2020-35654`: In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. + +
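Review bot: In the first CHANGES.rst hunk, the new "6.2.2.5 (date TBD)" entry needs a real release date before this is tagged, and the item "- Fix CVE-2020-35654" should say what was fixed (the TiffDecode heap-based buffer overflow on crafted YCbCr files in RGBA mode, as the release notes describe) so a reader of the changelog does not have to look the CVE up. Note also that this diff touches only CHANGES.rst and the new release-notes file: the code change for CVE-2020-35654 is not in this patch, so either include it here or reference the commit that carries it.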
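Review bot: The second CHANGES.rst hunk only inserts blank lines between the existing CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923 entries; this is a whitespace-only change to unrelated entries and would be cleaner as a separate formatting commit than mixed into a security fix.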
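Review bot: In the new docs/releasenotes/6.2.2.5.rst the title line reads "6.2.2.4" while the file name and the CHANGES.rst entry say 6.2.2.5; the heading should be "6.2.2.5" with an underline of matching length. The sentence "This release addresses several critical CVEs." is also inaccurate, since the file lists exactly one, CVE-2020-35654; say "one" or list the others. Finally, the CVE text "In Pillow before 8.1.0" is the upstream description; since this is a backport to the 6.2.2.x line, add a sentence stating that the fix is now applied in 6.2.2.5, and drop the trailing empty line at the end of the file.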