diff --git a/libxml2-2.12.5-CVE-2025-49794.patch b/libxml2-2.12.5-CVE-2025-49794.patch
new file mode 100644
index 0000000..284ecd0
--- /dev/null
+++ b/libxml2-2.12.5-CVE-2025-49794.patch
@@ -0,0 +1,43 @@
+From 529f65b0782efbe1137b2504aa1f06504a97dd0a Mon Sep 17 00:00:00 2001
+From: Michael Mann <mmann78@netscape.net>
+Date: Sat, 21 Jun 2025 12:51:24 -0400
+Subject: [PATCH] Schematron: Fix use after free
+
+(CVE-2025-49794)
+
+Fixes #931
+---
+ schematron.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/schematron.c b/schematron.c
+index 5c1a27bf1..e2ec06d2c 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -1380,8 +1380,11 @@ xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt,
+         return(NULL);
+ 
+     if ((ret->type == XPATH_NODESET) &&
+-        (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0))
++        (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0)) {
+         node = ret->nodesetval->nodeTab[0];
++        /* Clear the nodeTab so the node data isn't freed below */
++        ret->nodesetval->nodeTab[0] = NULL;
++    }
+ 
+     xmlXPathFreeObject(ret);
+     return(node);
+@@ -1446,6 +1449,10 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+                 ret = xmlStrcat(ret, BAD_CAST ":");
+                 ret = xmlStrcat(ret, node->name);
+             }
++
++            if ((path != NULL) && (node != cur))
++                xmlXPathNodeSetFreeNs((xmlNsPtr)node);
++                
+         } else if (IS_SCHEMATRON(child, "value-of")) {
+             xmlChar *select;
+             xmlXPathObjectPtr eval;
+-- 
+GitLab
+
diff --git a/libxml2.spec b/libxml2.spec
index c732518..0297ef9 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -26,6 +26,8 @@ Patch3:         libxml2-2.12.5-CVE-2024-56171.patch
 Patch4:         libxml2-2.12.5-CVE-2025-24928.patch
 # https://issues.redhat.com/browse/RHEL-96495
 Patch5:         libxml2-2.12.5-CVE-2025-6021.patch
+# https://issues.redhat.com/browse/RHEL-96995
+Patch6:         libxml2-2.12.5-CVE-2025-49794.patch
 
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
@@ -168,6 +170,7 @@ popd
 %changelog
 * Mon Jun 16 2025 David King <dking@redhat.com> - 2.12.5-6
 - Fix CVE-2025-6021 (RHEL-96495)
+- Fix CVE-2025-49794 (RHEL-96395)
 
 * Mon Feb 24 2025 David King <dking@redhat.com> - 2.12.5-5
 - Fix CVE-2024-56171 (RHEL-80119)