diff --git a/skopeo.spec b/skopeo.spec
index 65c9574..b743bd2 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -9,8 +9,8 @@
 
 %global gomodulesmode GO111MODULE=on
 
-#%%global branch release-1.18
-%global commit0 64361bde0687b2d8ae490fd9d7358a1e89d70e5b
+%global branch release-1.18
+%global commit0 bfd0850f067e79cf4a60a911e212a62bd55181fb
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # No btrfs on RHEL
@@ -24,8 +24,8 @@
 
 Name: skopeo
 Epoch: 2
-Version: 1.18.0
-Release: 2%{?dist}
+Version: 1.18.1
+Release: 1%{?dist}
 # The `AND` needs to be uppercase in the License for SPDX compatibility
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
 %if %{defined golang_arches_future}
@@ -159,6 +159,12 @@ cp -pav systemtest/* %{buildroot}/%{_datadir}/%{name}/test/system/
 %{_datadir}/%{name}/test
 
 %changelog
+* Fri Mar 14 2025 Jindrich Novy <jnovy@redhat.com> - 2:1.18.1-1
+- update to the latest content of https://github.com/containers/skopeo/tree/release-1.18
+  (https://github.com/containers/skopeo/commit/bfd0850)
+- fixes "CVE-2025-27144 skopeo: Go JOSE's Parsing Vulnerable to Denial of Service [rhel-9.7]"
+- Resolves: RHEL-80616
+
 * Thu Feb 13 2025 Jindrich Novy <jnovy@redhat.com> - 2:1.18.0-2
 - fix the broken condition introduced by upstream
 - Related: RHEL-60277
diff --git a/sources b/sources
index 9ce1710..3a3dff0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (skopeo-1.18.0-64361bd.tar.gz) = 4c4df7fda44bebffbd336708cf7ce89fb463194b206b60c98a038441eeaac2e179a2b4266d7c66e7c4cbbba71e292707d6a0df604eac54e1988a27b86a6a7e00
+SHA512 (release-1.18-bfd0850.tar.gz) = 70ae4b50c6c729226bca6ad54c56b7619047c476dbb6521f90c2f1f2da2292c2cdf87d4a50df4b0cbcf4eb72f5f21acfee333e8a20950f7cd63dc87e78e9eeaa