diff --git a/SOURCES/enable-bsi-oscap-profile.patch b/SOURCES/enable-bsi-oscap-profile.patch
new file mode 100644
index 0000000..85c238c
--- /dev/null
+++ b/SOURCES/enable-bsi-oscap-profile.patch
@@ -0,0 +1,74 @@
+From 73a42cc3647a13a548d768fd31fd53d89e0546d4 Mon Sep 17 00:00:00 2001
+From: Gianluca Zuccarelli <gianlucazuccarelli@gmail.com>
+Date: Tue, 7 Oct 2025 12:53:39 +0100
+Subject: [PATCH] go.mod: bump images to v0.178.1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Changes with 0.178.1
+----------------
+distrodefs: enable bsi oscap profile for RHEL-9.7 (HMS-9458) (#1917)
+Author: Gianluca Zuccarelli, Reviewers: Achilleas Koutsou, Michael Vogt, Simon de Vlieger
+
+— Somewhere on the Internet, 2025-10-07
+---
+ go.mod                                                        | 2 +-
+ go.sum                                                        | 4 ++--
+ vendor/github.com/osbuild/images/data/distrodefs/distros.yaml | 1 +
+ vendor/modules.txt                                            | 2 +-
+ 4 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/go.mod b/go.mod
+index 1965315d45..d3ba6fd003 100644
+--- a/go.mod
++++ b/go.mod
+@@ -34,7 +34,7 @@ require (
+ 	github.com/oapi-codegen/runtime v1.1.2
+ 	github.com/openshift-online/ocm-sdk-go v0.1.473
+ 	github.com/osbuild/blueprint v1.13.0
+-	github.com/osbuild/images v0.178.0
++	github.com/osbuild/images v0.178.1
+ 	github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d
+ 	github.com/prometheus/client_golang v1.23.0
+ 	github.com/segmentio/ksuid v1.0.4
+diff --git a/go.sum b/go.sum
+index 843668bc90..11dab7a752 100644
+--- a/go.sum
++++ b/go.sum
+@@ -517,8 +517,8 @@ github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXch
+ github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
+ github.com/osbuild/blueprint v1.13.0 h1:blo22+S2ZX5bBmjGcRveoTUrV4Ms7kLfKyb32WyuymA=
+ github.com/osbuild/blueprint v1.13.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4=
+-github.com/osbuild/images v0.178.0 h1:ojCD1rRtO+khFHpRHUxd6ydXBarEu+6pwt0w8oqilaY=
+-github.com/osbuild/images v0.178.0/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg=
++github.com/osbuild/images v0.178.1 h1:tHRAc+nS5TLlEWXb4YHbTUID4GbGCf1XIRJkTx8aQOs=
++github.com/osbuild/images v0.178.1/go.mod h1:7CfDwGb8YA4erIzvMnqJysVpSu52i6l/f3h82usGPTg=
+ github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d h1:r9BFPDv0uuA9k1947Jybcxs36c/pTywWS1gjeizvtcQ=
+ github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d/go.mod h1:zR1iu/hOuf+OQNJlk70tju9IqzzM4ycq0ectkFBm94U=
+ github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s=
+diff --git a/vendor/github.com/osbuild/images/data/distrodefs/distros.yaml b/vendor/github.com/osbuild/images/data/distrodefs/distros.yaml
+index f1d3dab247..53b6bd6599 100644
+--- a/vendor/github.com/osbuild/images/data/distrodefs/distros.yaml
++++ b/vendor/github.com/osbuild/images/data/distrodefs/distros.yaml
+@@ -214,6 +214,7 @@ distros:
+       - "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
+       - "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
+       - "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
++      - "xccdf_org.ssgproject.content_profile_bsi"
+       - "xccdf_org.ssgproject.content_profile_ccn_advanced"
+       - "xccdf_org.ssgproject.content_profile_ccn_basic"
+       - "xccdf_org.ssgproject.content_profile_ccn_intermediate"
+diff --git a/vendor/modules.txt b/vendor/modules.txt
+index 8356ae0466..617aa979c6 100644
+--- a/vendor/modules.txt
++++ b/vendor/modules.txt
+@@ -958,7 +958,7 @@ github.com/oracle/oci-go-sdk/v54/workrequests
+ ## explicit; go 1.23.9
+ github.com/osbuild/blueprint/internal/common
+ github.com/osbuild/blueprint/pkg/blueprint
+-# github.com/osbuild/images v0.178.0
++# github.com/osbuild/images v0.178.1
+ ## explicit; go 1.23.9
+ github.com/osbuild/images/data/dependencies
+ github.com/osbuild/images/data/distrodefs
diff --git a/SPECS/osbuild-composer.spec b/SPECS/osbuild-composer.spec
index b6a4443..2f2ea4e 100644
--- a/SPECS/osbuild-composer.spec
+++ b/SPECS/osbuild-composer.spec
@@ -25,7 +25,7 @@ It is compatible with composer-cli and cockpit-composer clients.
 }
 
 Name:           osbuild-composer
-Release:        1%{?dist}.alma.3
+Release:        2%{?dist}.alma.3
 Summary:        An image building service based on osbuild
 
 # osbuild-composer doesn't have support for building i686 and armv7hl images
@@ -36,6 +36,8 @@ License:        Apache-2.0
 URL:            %{gourl}
 Source0:        %{gosource}
 
+Patch0: enable-bsi-oscap-profile.patch
+
 # AlmaLinux Patch
 Patch1: 0001-Backport-https-github.com-osbuild-images-pull-1926.patch
 Patch2: 0001-Bring-AlmaLinux-9-and-AlmaLinux-8-to-distros-back.patch
@@ -455,9 +457,13 @@ Integration tests to be run on a pristine-dedicated system to test the osbuild-c
 %endif
 
 %changelog
-* Fri Nov 14 2025 Eduard Abdullin <eabdullin@almalinux.org> - 149-1.alma.3
+* Thu Nov 27 2025 Eduard Abdullin <eabdullin@almalinux.org> - 149-2.alma.3
 - Add AlmaLinux repositories
 
+* Wed Oct 15 2025 Gianluca Zuccarelli <gzuccare@redhat.com> - 149-2
+- Add missing BSI OpenSCAP profile to the allowlist
+  Resolves: RHEL-121525
+
 * Thu Aug 21 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 149-1
 - New upstream release