diff --git a/CHANGES.rst b/CHANGES.rst
index 07b533488..6bb23e5f7 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,9 @@ Changelog (Pillow)
 - Fix CVE-2020-35654
 [rickprice]
 
+- Catch TiffDecode heap-based buffer overflow. CVE 2021-25289
+  Add test files that show the CVE was fixed
+  [rickprice]
 
 6.2.2.4 (2023-03-29)
 ------------------
diff --git a/Tests/images/crash-0e16d3bfb83be87356d026d66919deaefca44dac.tif b/Tests/images/crash-0e16d3bfb83be87356d026d66919deaefca44dac.tif
new file mode 100644
index 000000000..f59aab21a
Binary files /dev/null and b/Tests/images/crash-0e16d3bfb83be87356d026d66919deaefca44dac.tif differ
diff --git a/Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif b/Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif
new file mode 100644
index 000000000..c8d6e2aad
Binary files /dev/null and b/Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif differ
diff --git a/docs/releasenotes/6.2.2.5.rst b/docs/releasenotes/6.2.2.5.rst
index f8eef2065..7e25cc233 100644
--- a/docs/releasenotes/6.2.2.5.rst
+++ b/docs/releasenotes/6.2.2.5.rst
@@ -1,4 +1,4 @@
-6.2.2.4
+6.2.2.5
 -------
 
 Security
@@ -8,4 +8,5 @@ This release addresses several critical CVEs.
 
 :cve:`CVE-2020-35654`: In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
 
+:cve:`CVE-2021-25289`: Catch TiffDecode heap-based buffer overflow. Add test files that show the CVE was fixed