diff --git a/fix-changeOtherUserPasswd-critical-vulnerabilities.patch b/fix-changeOtherUserPasswd-critical-vulnerabilities.patch
new file mode 100644
index 0000000..71efbf4
--- /dev/null
+++ b/fix-changeOtherUserPasswd-critical-vulnerabilities.patch
@@ -0,0 +1,50 @@
+From 41f79e92846945fe6adf55e25e80c38976a9845a Mon Sep 17 00:00:00 2001
+From: peijiankang
+Date: Mon, 22 May 2023 10:54:44 +0800
+Subject: [PATCH] fix changeOtherUserPasswd critical vulnerabilities
+
+---
+ registeredQDbus/sysdbusregister.cpp | 6 ++++--
+ registeredQDbus/sysdbusregister.h | 2 +-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
+index 8b05278..476923f 100644
+--- a/registeredQDbus/sysdbusregister.cpp
++++ b/registeredQDbus/sysdbusregister.cpp
+@@ -288,7 +288,9 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
+ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
+
+ //密码校验
+- if (!checkAuthorization()){
++ QDBusConnection conn = connection();
++ QDBusMessage msg = message();
++ if (!checkAuthorization(conn.interface()->servicePid(msg.service()).value())){
+ return 0;
+ }
+
+@@ -356,7 +358,7 @@ bool SysdbusRegister::checkCreateAuthorization()
+ }
+ }
+
+-bool SysdbusRegister::checkAuthorization(){
++bool SysdbusRegister::checkAuthorization(qint64 id){
+
+ if (_id == 0)
+ return false;
+diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
+index 7942715..0aca90d 100644
+--- a/registeredQDbus/sysdbusregister.h
++++ b/registeredQDbus/sysdbusregister.h
+@@ -52,7 +52,7 @@ public:
+
+ public:
+ bool checkCreateAuthorization();
+- bool checkAuthorization();
++ bool checkAuthorization(qint64 id);
+ bool authoriyLogin(qint64 id);
+ bool authoriyAutoLogin(qint64 id);
+ bool authoriyDelete(qint64 id);
+--
+2.39.1
+
diff --git a/ukui-control-center.spec b/ukui-control-center.spec
index fed7ebd..f5fba19 100644
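Review bot: In the embedded patch's second sysdbusregister.cpp hunk, the new `checkAuthorization(qint64 id)` signature is followed by an unchanged `if (_id == 0)` test, so within the visible lines the caller PID passed from `changeOtherUserPasswd` is never read. If `_id` is a member that is not assigned from `id` further down, the check still runs against stale state rather than the caller of this request. The function body continues outside the hunk, so this needs confirming there; the direct fix is to make the guard `if (id == 0) return false;` and use `id` for whatever subject the authorization is checked against. `servicePid(...).value()` yields 0 when the reply is invalid, which only fails closed if that zero test is applied to `id`, so testing `isValid()` on the reply in `changeOtherUserPasswd` before calling `checkAuthorization` would make the rejection explicit. A PID resolved after the call arrives is also exposed to PID-reuse races, so identifying the caller by its bus name (`msg.service()`) is the more robust choice if the authorization backend accepts it.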
--- a/ukui-control-center.spec +++ b/ukui-control-center.spec @@ -1,6 +1,6 @@ Name: ukui-control-center Version: 3.1.2 -Release: 14 +Release: 15 Summary: utilities to configure the UKUI desktop License: GPL-2+ URL: http://www.ukui.org @@ -16,6 +16,7 @@ Patch11: 0011-Fix-about-copyright-display-error.patch Patch12: 0012-fix-add-group-failed-issue.patch Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch Patch14: 0014-fix-memorysize-of-aboutinfo.patch +Patch15: fix-changeOtherUserPasswd-critical-vulnerabilities.patch BuildRequires: qt5-qtsvg-devel BuildRequires: gsettings-qt-devel @@ -141,6 +142,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon May 22 2023 peijiankang - 3.1.2-15 +- fix changeOtherUserPasswd critical vulnerabilities + * Thu Mar 30 2023 peijiankang - 3.1.2-14 - fix memorysize of aboutinfo