diff --git a/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java b/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java
new file mode 100644
index 000000000..65dbe6bc0
--- /dev/null
+++ b/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java
@@ -0,0 +1,38 @@
+package cn.iocoder.yudao.module.pay.framework.pay.config;
+
+import com.thoughtworks.xstream.XStream;
+import jakarta.annotation.PostConstruct;
+import lombok.extern.slf4j.Slf4j;
+import me.chanjar.weixin.common.util.xml.XStreamInitializer;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * XStream 安全配置，解决微信支付回调V2解析异常
+ *
+ * @author wuKong
+ */
+@Slf4j
+@Configuration
+public class PayXStreamConfig {
+
+    @PostConstruct
+    public void init() {
+        log.info("初始化 XStream 安全配置，允许微信支付类的反序列化");
+
+        try {
+            XStream xstream = XStreamInitializer.getInstance();
+
+            // 添加白名单
+            // Caused by: com.thoughtworks.xstream.mapper.CannotResolveClassException:
+            //  com.github.binarywang.wxpay.bean.notify.WxPayOrderNotifyResult
+            xstream.allowTypesByWildcard(new String[] {
+                "com.github.binarywang.wxpay.bean.notify.**",
+                "com.github.binarywang.wxpay.bean.result.**",
+                "com.github.binarywang.wxpay.bean.request.**",
+                "com.github.binarywang.wxpay.bean.order.**"});
+            log.info("XStream 安全配置初始化成功");
+        } catch (Exception e) {
+            log.error("XStream 安全配置初始化失败", e);
+        }
+    }
+}
\ No newline at end of file