diff --git a/.gitignore b/.gitignore
index c763164..c83d406 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,4 +19,4 @@ SOURCES/rexml-3.3.6.gem
 SOURCES/ruby2_keywords-0.0.5.gem
 SOURCES/sinatra-2.2.4.gem
 SOURCES/tilt-2.3.0.gem
-SOURCES/tornado-6.1.0.tar.gz
+SOURCES/tornado-6.1.0.pcs.1.tar.gz
diff --git a/.pcs.metadata b/.pcs.metadata
index 6334116..cdb2304 100644
--- a/.pcs.metadata
+++ b/.pcs.metadata
@@ -19,4 +19,4 @@ ae09ea83748b55875edc3708fffba90db180cb8e SOURCES/rack-test-2.1.0.gem
 d017b9e4d1978e0b3ccc3e2a31493809e4693cd3 SOURCES/ruby2_keywords-0.0.5.gem
 fa6a6c98f885e93f54c23dd0454cae906e82c31b SOURCES/sinatra-2.2.4.gem
 4a38a9a55887b2882182a2c5771e592efe514e5e SOURCES/tilt-2.3.0.gem
-c23c617c7a0205e465bebad5b8cdf289ae8402a2 SOURCES/tornado-6.1.0.tar.gz
+c65f61a0f55a342f142f2a6be2d5fcc7f4cab0c9 SOURCES/tornado-6.1.0.pcs.1.tar.gz
diff --git a/SPECS/pcs.spec b/SPECS/pcs.spec
index d872c2a..2dc8705 100644
--- a/SPECS/pcs.spec
+++ b/SPECS/pcs.spec
@@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.10.18
-Release: 2%{?dist}.3
+Release: 2%{?dist}.4
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
@@ -55,7 +55,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 
 # DO NOT UPDATE
 # Tornado 6.2 requires Python 3.7+
-%global tornado_version    6.1.0
+%global tornado_version    6.1.0.pcs.1
 
 %global pcs_bundled_dir pcs_bundled
 %global pcsd_public_dir pcsd/public
@@ -87,7 +87,7 @@ Source0: %{url}/archive/%{?v_prefix}%{version_or_commit}/%{pcs_source_name}.tar.
 Source1: HAM-logo.png
 
 Source41: https://github.com/ondrejmular/pyagentx/archive/v%{pyagentx_version}/pyagentx-%{pyagentx_version}.tar.gz
-Source42: https://github.com/tornadoweb/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
+Source42: https://github.com/CtrlZmaster/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
 Source43: https://github.com/ericvsmith/dataclasses/archive/%{dataclasses_version}/dataclasses-%{dataclasses_version}.tar.gz
 Source44: https://github.com/konradhalas/dacite/archive/v%{dacite_version}/dacite-%{dacite_version}.tar.gz
 Source45: https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-%{dateutil_version}.tar.gz
@@ -562,6 +562,10 @@ remove_all_tests
 %license pyagentx_LICENSE.txt
 
 %changelog
+* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.3
+- Fixed CVE-2024-52804 by patching bundled Tornado
+  Resolves: RHEL-81924
+
 * Wed Dec 4 2024 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2.el8_10.3
 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd
   Resolves: RHEL-65595