diff --git a/CHANGES b/CHANGES index d49e00c32c..79da4a1737 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +7.0.5-4 | 2025-03-18 16:17:54 -0700 + + * Add analyzer registration from VLAN to VNTAG (Tim Wojtulewicz, Corelight) + + (cherry picked from commit cb5e3d0054ac9acdc13606de35b79f0da06d6a21) + 7.0.5-3 | 2025-03-18 16:16:08 -0700 * GH-2311: scan.l: Fix @load-plugin scripts loading (Arne Welzel, Corelight) diff --git a/VERSION b/VERSION index ea6a1303dd..da657f1fe1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.0.5-3 +7.0.5-4 diff --git a/scripts/base/packet-protocols/vlan/main.zeek b/scripts/base/packet-protocols/vlan/main.zeek index 900c4270fd..c0eb73b340 100644 --- a/scripts/base/packet-protocols/vlan/main.zeek +++ b/scripts/base/packet-protocols/vlan/main.zeek @@ -19,6 +19,7 @@ event zeek_init() &priority=20 PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8035, PacketAnalyzer::ANALYZER_ARP); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8100, PacketAnalyzer::ANALYZER_VLAN); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8864, PacketAnalyzer::ANALYZER_PPPOE); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8926, PacketAnalyzer::ANALYZER_VNTAG); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, SNAP_FORWARDING_KEY, PacketAnalyzer::ANALYZER_SNAP); diff --git a/testing/btest/Baseline/core.vntag-in-vlan/conn.log b/testing/btest/Baseline/core.vntag-in-vlan/conn.log new file mode 100644 index 0000000000..1da25336f3 --- /dev/null +++ b/testing/btest/Baseline/core.vntag-in-vlan/conn.log 
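Review bot: The new `0x8926` registration in `scripts/base/packet-protocols/vlan/main.zeek` makes VLAN and VNTAG forward to each other, and nothing in the hunk says so or bounds it. The plugins.hooks baseline on this page shows VNTAG already forwarding 33024, 34984 and 37120 to `ANALYZER_VLAN`, so alternating tags can now nest in addition to the existing VLAN-in-VLAN path. Whether the packet-analysis framework caps that depth is not visible here, so the nesting in crafted traffic may be limited only by frame length; worth confirming before this ships in a monitoring deployment. A short comment on the new line would record the intent, e.g. `# 0x8926: VN-Tag inside a VLAN tag; VNTAG forwards back to VLAN, so the two can nest`. The `zeek_init` handler begins before this hunk and continues past it.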
@@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.10.10.1 443 10.10.10.2 56960 tcp - - - - OTH T T 0 - 0 0 0 0 - 6 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index bbdfa3720d..50101a4689 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -289,6 +289,7 @@ 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB)) -> +0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN)) -> 
@@ -1213,6 +1214,7 @@ 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB)) +0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN)) 
@@ -2136,6 +2138,7 @@ 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB) +0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN) diff --git a/testing/btest/Traces/vntag_vlan_sandwich_clean.pcap b/testing/btest/Traces/vntag_vlan_sandwich_clean.pcap new file mode 100644 index 0000000000..d1dd3a8c86 Binary files /dev/null and b/testing/btest/Traces/vntag_vlan_sandwich_clean.pcap differ diff --git a/testing/btest/core/vntag-in-vlan.zeek b/testing/btest/core/vntag-in-vlan.zeek new file mode 100644 index 0000000000..9406c1306b --- /dev/null +++ b/testing/btest/core/vntag-in-vlan.zeek @@ -0,0 +1,4 @@ +# @TEST-EXEC: zeek -b -C -r $TRACES/vntag_vlan_sandwich_clean.pcap %INPUT +# @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn
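Review bot: The new test `testing/btest/core/vntag-in-vlan.zeek` pins only `conn.log`, so it covers only the well-formed path. Its baseline records one TCP connection with zero packet and byte counts and an empty history, which confirms the address/port tuple was reached through the VLAN/VNTAG stack but little else. A regression that also raised a weird, or that mishandled a VNTAG header cut short after the VLAN tag, would pass unnoticed. Consider a second trace with a truncated inner header and an assertion that the clean trace produces no weirds. A leading comment would also help, e.g. `# Checks that a VNTAG header carried inside a VLAN tag is parsed through to IP.`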