diff --git a/CVE-2025-6069.patch b/CVE-2025-6069.patch
new file mode 100644
index 0000000000000000000000000000000000000000..44301f12ee8e500a5a6089ac3d4c4814a0e4ebc4
--- /dev/null
+++ b/CVE-2025-6069.patch
@@ -0,0 +1,86 @@
+From 4455cbabf991e202185a25a631af206f60bbc949 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Fri, 13 Jun 2025 19:20:30 +0200
+Subject: [PATCH] [3.13] gh-135462: Fix quadratic complexity in processing
+ special input in HTMLParser (GH-135464) (GH-135482)
+
+Refer: https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
+
+End-of-file errors are now handled according to the HTML5 specs --
+comments and declarations are automatically closed, tags are ignored.
+(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+
+---
+ lib-python/2.7/HTMLParser.py | 38 ++++++++++++++++++++++++++++--------
+ 1 file changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/lib-python/2.7/HTMLParser.py b/lib-python/2.7/HTMLParser.py
+index b336a4c..631bdb7 100644
+--- a/lib-python/2.7/HTMLParser.py
++++ b/lib-python/2.7/HTMLParser.py
+@@ -20,6 +20,7 @@ entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')
+ charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]')
+ 
+ starttagopen = re.compile('<[a-zA-Z]')
++endtagopen = re.compile('</[a-zA-Z]')
+ piclose = re.compile('>')
+ commentclose = re.compile(r'--\s*>')
+ tagfind = re.compile('([a-zA-Z][-.a-zA-Z0-9:_]*)(?:\s|/(?!>))*')
+@@ -164,7 +165,7 @@ class HTMLParser(markupbase.ParserBase):
+                     k = self.parse_pi(i)
+                 elif startswith("<!", i):
+                     k = self.parse_html_declaration(i)
+-                elif (i + 1) < n:
++                elif (i + 1) < n or end:
+                     self.handle_data("<")
+                     k = i + 1
+                 else:
+@@ -172,14 +173,35 @@ class HTMLParser(markupbase.ParserBase):
+                 if k < 0:
+                     if not end:
+                         break
+-                    k = rawdata.find('>', i + 1)
+-                    if k < 0:
+-                        k = rawdata.find('<', i + 1)
+-                        if k < 0:
+-                            k = i + 1
++                    if starttagopen.match(rawdata, i):  # < + letter
++                        pass
++                    elif startswith("</", i):
++                        if i + 2 == n:
++                            self.handle_data("</")
++                        elif endtagopen.match(rawdata, i):  # </ + letter
++                            pass
++                        else:
++                            # bogus comment
++                            self.handle_comment(rawdata[i+2:])
++                    elif startswith("<!--", i):
++                        j = n
++                        for suffix in ("--!", "--", "-"):
++                            if rawdata.endswith(suffix, i+4):
++                                j -= len(suffix)
++                                break
++                        self.handle_comment(rawdata[i+4:j])
++                    elif startswith("<![CDATA[", i):
++                        self.unknown_decl(rawdata[i+3:])
++                    elif rawdata[i:i+9].lower() == '<!doctype':
++                        self.handle_decl(rawdata[i+2:])
++                    elif startswith("<!", i):
++                        # bogus comment
++                        self.handle_comment(rawdata[i+2:])
++                    elif startswith("<?", i):
++                        self.handle_pi(rawdata[i+2:])
+                     else:
+-                        k += 1
+-                    self.handle_data(rawdata[i:k])
++                        raise AssertionError("we should not get here!")
++                    k = n
+                 i = self.updatepos(i, k)
+             elif startswith("&#", i):
+                 match = charref.match(rawdata, i)
+-- 
+2.49.0
+
diff --git a/jython.spec b/jython.spec
index 5dde271ae916cbc6e39324f359d69245d3700879..f10c47551ff88417626b48fb112385623a05c097 100644
--- a/jython.spec
+++ b/jython.spec
@@ -2,7 +2,7 @@
 %global __os_install_post %(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g')
 Name:                jython
 Version:             2.7.1
-Release:             2
+Release:             3
 Summary:             A Java implementation of the Python language
 License:             ASL 1.1 and BSD 
 URL:                 http://www.jython.org/
@@ -14,7 +14,8 @@ Patch2:              jython-no-carrotsearch-sizeof.patch
 Patch3:              jython-launcher.patch
 Patch4:              jython-fix-multiprocessing.patch
 Patch5:              jython-fix-tty-detection.patch
-Patch189:            jython-use-rpm-wheels.patch
+Patch6:              jython-use-rpm-wheels.patch
+Patch7:              CVE-2025-6069.patch
 Requires:            antlr32-java apache-commons-compress bouncycastle bouncycastle-pkix guava
 Requires:            objectweb-asm jctools >= 2.0.2 jnr-constants jnr-ffi jnr-netdb jnr-posix jffi
 Requires:            jffi-native jline jansi icu4j netty >= 4.1.13 xerces-j2
@@ -69,12 +70,13 @@ Demonstrations and samples for %{name}.
 %patch3
 %patch4 -p1
 %patch5
+%patch7 -p1
 
 find . -type f -a -name *.jar -delete
 find . -type f -a -name *.exe -delete
 find . -type f -a -name *.dll -delete
 %if %{with rpmwheels}
-%patch189 -p1
+%patch6 -p1
 rm Lib/ensurepip/_bundled/*.whl
 rmdir Lib/ensurepip/_bundled
 %endif
@@ -140,6 +142,9 @@ ln -s %{_datadir}/%{name}/bin/jython $RPM_BUILD_ROOT%{_bindir}
 %{_datadir}/%{name}/Demo
 
 %changelog
+* Mon Jul 07 2025 wangkai <13474090681@163.com> - 2.7.1-3
+- Fix CVE-2025-6069
+
 * Mon Nov 13 2023 wangkai <13474090681@163.com> - 2.7.1-2
 - Fix build failure caused by guava upgrade