diff --git a/0001-fix-CVE-2025-6021.patch b/0001-fix-CVE-2025-6021.patch
new file mode 100644
index 0000000000000000000000000000000000000000..46ea13e5a3f9fbb76bd6968b42d2603f23ceb48b
--- /dev/null
+++ b/0001-fix-CVE-2025-6021.patch
@@ -0,0 +1,49 @@
+From 928f4f5d154cff53e0d1985ab926a6eec117a642 Mon Sep 17 00:00:00 2001
+From: yangcheng1203 <yc02267530@alibaba-inc.com>
+Date: Tue, 17 Jun 2025 13:47:07 +0800
+Subject: [PATCH] fix-CVE-2025-6021
+
+---
+ tree.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index 475479c..80aefd5 100644
+--- a/tree.c
++++ b/tree.c
+@@ -49,6 +49,10 @@
+ #include "private/error.h"
+ #include "private/tree.h"
+ 
++#ifndef SIZE_MAX
++#define SIZE_MAX ((size_t) -1)
++#endif
++
+ int __xmlRegisterCallbacks = 0;
+ 
+ /************************************************************************
+@@ -221,16 +225,18 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) {
+ xmlChar *
+ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
+ 	      xmlChar *memory, int len) {
+-    int lenn, lenp;
++    size_t lenn, lenp;
+     xmlChar *ret;
+ 
+-    if (ncname == NULL) return(NULL);
++    if ((ncname == NULL) || (len < 0)) return(NULL);
+     if (prefix == NULL) return((xmlChar *) ncname);
+ 
+     lenn = strlen((char *) ncname);
+     lenp = strlen((char *) prefix);
++    if (lenn >= SIZE_MAX - lenp - 1)
++        return(NULL);
+ 
+-    if ((memory == NULL) || (len < lenn + lenp + 2)) {
++    if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) {
+ 	ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2);
+ 	if (ret == NULL) {
+ 	    xmlTreeErrMemory("building QName");
+-- 
+2.43.5
+
diff --git a/libxml2.spec b/libxml2.spec
index b880a2139d26122ebc78a5c801f9cb3161066e4f..c3e69fcfd8fa490ea468305725b6022e23bb4540 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 9
+%define anolis_release 10
 Name:           libxml2
 Version:        2.11.5
 Release:        %{anolis_release}%{?dist}
@@ -38,6 +38,9 @@ Patch8:        Bugfix-for-CVE-2024-56171.patch
 #Upstream fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c716d491dd2e67f08066f4dc0619efeb49e43e6
 Patch9:        Bugfix-for-CVE-2025-27113.patch
 
+#https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0
+Patch10:       0001-fix-CVE-2025-6021.patch
+
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
 BuildRequires:  make
@@ -182,6 +185,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %doc NEWS README.md
 
 %changelog
+* Tue Jun 17 2025 yangcheng <yc02267530@alibaba-inc.com> - 2.11.5-10
+- add patch to fix CVE-2025-6021
+
 * Tue May 13 2025 yangjinlin01 <yangjinlin01@inspur.com> - 2.11.5-9
 - Fix CVE-2025-27113