diff --git a/libxml2-2.9.13-CVE-2025-6021.patch b/libxml2-2.9.13-CVE-2025-6021.patch
new file mode 100644
index 0000000..faced86
--- /dev/null
+++ b/libxml2-2.9.13-CVE-2025-6021.patch
@@ -0,0 +1,49 @@
+From 1256dce1c2c928e1436a7e8bd8b40113099383c8 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 27 May 2025 12:53:17 +0200
+Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName
+
+This issue affects memory safety and might receive a CVE ID later.
+
+Fixes #926.
+---
+ tree.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index 86afb7d6..3b0d0397 100644
+--- a/tree.c
++++ b/tree.c
+@@ -20,6 +20,7 @@
+ 
+ #include <string.h> /* for memset() only ! */
+ #include <stddef.h>
++#include <stdint.h>
+ #include <limits.h>
+ #ifdef HAVE_CTYPE_H
+ #include <ctype.h>
+@@ -222,16 +223,18 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) {
+ xmlChar *
+ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
+ 	      xmlChar *memory, int len) {
+-    int lenn, lenp;
++    size_t lenn, lenp;
+     xmlChar *ret;
+ 
+-    if (ncname == NULL) return(NULL);
++    if ((ncname == NULL) || (len < 0)) return(NULL);
+     if (prefix == NULL) return((xmlChar *) ncname);
+ 
+     lenn = strlen((char *) ncname);
+     lenp = strlen((char *) prefix);
++    if (lenn >= SIZE_MAX - lenp - 1)
++        return(NULL);
+ 
+-    if ((memory == NULL) || (len < lenn + lenp + 2)) {
++    if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) {
+ 	ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2);
+ 	if (ret == NULL) {
+ 	    xmlTreeErrMemory("building QName");
+-- 
+2.49.0
+
diff --git a/libxml2.spec b/libxml2.spec
index 5185eac..825eefb 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -7,7 +7,7 @@
 
 Name:           libxml2
 Version:        2.9.7
-Release:        21%{?dist}
+Release:        21%{?dist}.1
 Summary:        Library providing XML and HTML support
 
 License:        MIT
@@ -74,6 +74,8 @@ Patch28:        libxml2-2.9.13-CVE-2025-24928.patch
 Patch29:         libxml2-2.9.13-CVE-2025-32414.patch
 # https://issues.redhat.com/browse/RHEL-74345
 Patch30:         libxml2-clamp-output-bytes-overflow.patch
+# https://issues.redhat.com/browse/RHEL-96498
+Patch31:         libxml2-2.9.13-CVE-2025-6021.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake-rpm-macros
@@ -245,6 +247,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %{python3_sitearch}/libxml2mod.so
 
 %changelog
+* Mon Jun 16 2025 David King <dking@redhat.com> - 2.9.7-21.1
+- Fix CVE-2025-6021 (RHEL-96498)
+
 * Fri Jun 13 2025 David King <dking@redhat.com> - 2.9.7-21
 - Fix integer overflow (RHEL-74345)