diff --git a/backport-CVE-2025-25724.patch b/backport-CVE-2025-25724.patch
new file mode 100644
index 0000000..1cbbfaa
--- /dev/null
+++ b/backport-CVE-2025-25724.patch
@@ -0,0 +1,34 @@
+From 6636f89f5fe08a20de3b2d034712c781d3a67985 Mon Sep 17 00:00:00 2001
+From: Peter Kaestle <peter@piie.net>
+Date: Wed, 5 Mar 2025 15:01:14 +0100
+Subject: [PATCH] tar/util.c: fix NULL pointer dereference issue on strftime
+
+Fix CVE-2025-25724 by detecting NULL return of localtime_r(&tim, &tmbuf),
+which could happen in case tim is incredible big.
+
+In case this error is triggered, put an "INVALID DATE" string into the
+outbuf.
+
+Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
+
+Signed-off-by: Peter Kaestle <peter@piie.net>
+---
+ tar/util.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tar/util.c b/tar/util.c
+index 3b099cb5f..f3cbdf0bb 100644
+--- a/tar/util.c
++++ b/tar/util.c
+@@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
+ #else
+ 	ltime = localtime(&tim);
+ #endif
+-	strftime(tmp, sizeof(tmp), fmt, ltime);
++	if (ltime)
++		strftime(tmp, sizeof(tmp), fmt, ltime);
++	else
++		sprintf(tmp, "-- -- ----");
+ 	fprintf(out, " %s ", tmp);
+ 	safe_fprintf(out, "%s", archive_entry_pathname(entry));
+ 
diff --git a/libarchive.spec b/libarchive.spec
index c41ca95..8eab441 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -2,7 +2,7 @@
 
 Name:           libarchive
 Version:        3.4.3
-Release:        8
+Release:        9
 Summary:        Multi-format archive and compression library
 
 License:        BSD
@@ -30,6 +30,7 @@ Patch6010:      backport-0004-CVE-2021-31566.patch
 Patch6011:      backport-CVE-2022-26280.patch
 Patch6012:      backport-CVE-2022-36227.patch
 Patch6013:      backport-CVE-2024-20696.patch
+Patch6014:      backport-CVE-2025-25724.patch
 
 %description
 %{name} is an open-source BSD-licensed C programming library that 
@@ -161,6 +162,12 @@ run_testsuite
 %{_mandir}/man5/*
 
 %changelog
+* Tue Mar 11 2025 lingsheng <lingsheng1@h-partners.com> - 3.4.3-9
+- Type:CVE
+- ID:CVE-2025-25724
+- SUG:NA
+- DESC:fix CVE-2025-25724
+
 * Thu Jun 06 2024 lingsheng <lingsheng1@h-partners.com> - 3.4.3-8
 - Type:CVE
 - ID:CVE-2024-20696