diff --git a/SPECS/hvloader/CVE-2025-69421.patch b/SPECS/hvloader/CVE-2025-69421.patch
new file mode 100644
index 00000000000..79c23c8c76f
--- /dev/null
+++ b/SPECS/hvloader/CVE-2025-69421.patch
@@ -0,0 +1,32 @@
+From ee77847568f0700e9d758d923f4db54a2492e9f2 Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 9 Feb 2026 10:27:57 +0000
+Subject: [PATCH] PKCS12_item_decrypt_d2i(): Check oct argument for
+ NULL\n\nFixes CVE-2025-69421\n\nBackport: Adapted to legacy PKCS12err macro
+ for this codebase.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport from existing Build 1045596 of https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7.patch
+---
+ .../Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
+index 3c860584..e7815319 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
+@@ -88,6 +88,11 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ void *ret;
+ int outlen;
+
++ if (oct == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+--
+2.45.4
+
diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec
index fbe7989514c..cb8e2fc9ff6 100644
--- a/SPECS/hvloader/hvloader.spec
+++ b/SPECS/hvloader/hvloader.spec
@@ -4,7 +4,7 @@
 Summary: HvLoader.efi is an EFI application for loading an external hypervisor loader.
 Name: hvloader
 Version: 1.0.1
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
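Review bot: The `Subject:` header of the embedded patch carries literal `\n\n` sequences (`NULL\n\nFixes CVE-2025-69421\n\nBackport: ...`) instead of real line breaks, so the CVE reference and the backport remark sit inside the subject rather than in the message body. I would end the subject at `Check oct argument for NULL` and move `Fixes CVE-2025-69421` and the `Backport:` sentence into the body, so tools that parse patch headers see the CVE id where they expect it. In the code itself the `oct == NULL` guard comes before the `oct->data` / `oct->length` use in the `PKCS12_pbe_crypt` call, which is the only dereference visible here; the function body starts and ends outside the hunk, so later uses cannot be checked from this page. Because the trailer marks this as an AI backport, a recorded comparison against upstream commit 36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7 would be a reasonable merge condition.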
@@ -40,6 +40,7 @@ Patch22: CVE-2025-2295.patch Patch23: CVE-2025-68160.patch Patch24: CVE-2025-69418.patch Patch25: CVE-2026-22796.patch +Patch26: CVE-2025-69421.patch BuildRequires: bc BuildRequires: gcc @@ -85,6 +86,9 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{ /boot/efi/HvLoader.efi %changelog +* Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-18 +- Patch for CVE-2025-69421 + * Mon Feb 02 2026 Azure Linux Security Servicing Account - 1.0.1-17 - Patch for CVE-2026-22796, CVE-2025-68160, CVE-2025-69418
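Review bot: The spec change only declares `Patch26: CVE-2025-69421.patch`, and no `%prep` line appears in the diff, so nothing visible here shows the patch being applied. If the spec applies patches through `%autosetup` or `%autopatch` the declaration is enough, but if it lists `%patch` lines individually the fix would be declared and never applied. Confirming in the build log that the `p12_decr.c` hunk applies cleanly would settle it before the 1.0.1-18 changelog entry claims the CVE as patched.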