diff --git a/dependency/libxml2/CVE-2024-25062.patch b/dependency/libxml2/CVE-2024-25062.patch
new file mode 100644
index 0000000000000000000000000000000000000000..682d9096ff4b769d9e768746f4a557fdd6b398ae
--- /dev/null
+++ b/dependency/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,11 @@
+diff -Naur a/xmlreader.c b/xmlreader.c
+--- a/xmlreader.c	2024-02-06 17:29:16.285516854 +0800
++++ b/xmlreader.c	2024-02-06 17:28:15.592980289 +0800
+@@ -1586,6 +1586,7 @@
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+ 	(reader->node->type == XML_ELEMENT_NODE) &&
+ 	(reader->node->ns != NULL) &&
diff --git a/dependency/libxml2/build_component.sh b/dependency/libxml2/build_component.sh
index 3cbc0820980f939868af7c07ad5f529ae9f07211..2f1bd921bc496dfa483e8e1039c5a26621390c0a 100644
--- a/dependency/libxml2/build_component.sh
+++ b/dependency/libxml2/build_component.sh
@@ -28,6 +28,7 @@ function build_component()
     patch -p1 < ../libxml2.patch
     patch -p1 < ../libxml2-CVE-2022-40303.patch
     patch -p1 < ../libxml2-CVE-2022-40304.patch
+    patch -p1 < ../CVE-2024-25062.patch
     tmp_cpus=$(grep -w processor /proc/cpuinfo|wc -l)
     ./autogen.sh
     chmod +x configure