diff --git a/pkgs/development/perl-modules/FileFindRule-CVE-2011-10007.patch b/pkgs/development/perl-modules/FileFindRule-CVE-2011-10007.patch
new file mode 100644
index 000000000000..dd8492c60f21
--- /dev/null
+++ b/pkgs/development/perl-modules/FileFindRule-CVE-2011-10007.patch
@@ -0,0 +1,25 @@
+From ca70a73bb147549e62e74751d924b1dbb59d1707 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <stig@stig.io>
+Date: Thu, 5 Jun 2025 03:45:50 +0200
+Subject: [PATCH] Fix CVE-2011-10007
+
+---
+ lib/File/Find/Rule.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/File/Find/Rule.pm b/lib/File/Find/Rule.pm
+index feccc76..d4dc475 100644
+--- a/lib/File/Find/Rule.pm
++++ b/lib/File/Find/Rule.pm
+@@ -420,7 +420,7 @@ sub grep {
+ 
+     $self->exec( sub {
+         local *FILE;
+-        open FILE, $_ or return;
++        open FILE, '<', $_ or return;
+         local ($_, $.);
+         while (<FILE>) {
+             for my $p (@pattern) {
+-- 
+2.49.0
+
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index b4a23d1986b5..a3497aea8bbd 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -13327,6 +13327,9 @@ with self;
       url = "mirror://cpan/authors/id/R/RC/RCLAMP/File-Find-Rule-0.34.tar.gz";
       hash = "sha256-fm8WzDPrHyn/Jb7lHVE/S4qElHu/oY7bLTzECi1kyv4=";
     };
+    patches = [
+      ../development/perl-modules/FileFindRule-CVE-2011-10007.patch
+    ];
     propagatedBuildInputs = [
       NumberCompare
       TextGlob