diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 014736a71..5c96fa366 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,10 +20,19 @@ updates:
 update-types:
 - "patch"
 - "minor"
+ exclude-patterns:
+ - "org.springframework.boot:*"
+ - "io.spring.dependency-management"
+ # All netty references are temporary overwrites that must be set carefully
+ # We do not need dependabot to send pull requests
+ - "io.netty:*"
 other-dependencies:
 exclude-patterns:
 - "org.springframework.boot:*"
 - "io.spring.dependency-management"
+ # All netty references are temporary overwrites that must be set carefully
+ # We do not need dependabot to send pull requests
+ - "io.netty:*"
 patterns:
 - "*"
 update-types:
diff --git a/api/build.gradle b/api/build.gradle
index ca071b806..a96f06c5d 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -68,6 +68,10 @@ dependencies {
 // CVE Fixes
 implementation libs.apache.commons.compress
 implementation libs.okhttp3.logging.intercepter
+ // START Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
+ implementation libs.netty.codec
+ implementation libs.netty.codec.http
+ // END Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
 // CVE Fixes End
 implementation libs.modelcontextprotocol.spring.webflux
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index d938ea0b6..69a9a4c61 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,6 +1,7 @@
 [versions]
 spring-boot = '3.5.5'
 nimbus-jose-jwt = '10.0.2'
+netty = '4.1.125.Final'
 aws-msk-auth = '2.3.0'
 azure-identity = '1.15.4'
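Review bot: The added `exclude-patterns: - "io.netty:*"` entries only take netty out of the two update groups; as far as I recall, a dependency that matches no group is still updated by Dependabot in its own individual PR, so the comment "We do not need dependabot to send pull requests" does not describe what this change achieves. If the intent really is to stop netty version-update PRs, that belongs in a top-level `ignore:` entry for the same `updates` item (e.g. `ignore:` / `- dependency-name: "io.netty:*"`), and Dependabot security updates driven by advisories would still be raised independently, which is what you want for a CVE-motivated pin. The comment should also say why the pin is manual and when it can go, e.g. `# io.netty:* is pinned in gradle/libs.versions.toml for CVE-2025-58056/58057; drop once the Spring Boot BOM manages a fixed netty`. The enclosing `updates:` item starts before and ends after this hunk, and the same comment is duplicated in both groups, so keep the two in sync or reference one from the other.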
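Review bot: Declaring `libs.netty.codec` and `libs.netty.codec.http` directly lifts only those two artifacts to 4.1.125.Final, while every other netty module arriving transitively through Spring Boot 3.5.5 (handler, transport, common, buffer, …) stays on the BOM-managed version, so the runtime classpath mixes netty versions; netty modules are released in lockstep and a mixed tree can fail with NoSuchMethodError or behave like neither version. If the io.spring.dependency-management plugin is applied to this project (the dependabot exclusions suggest it is), overriding the managed version once is the safer form: `ext['netty.version'] = libs.versions.netty.get()`, which moves the whole netty family and makes the catalog entries added in gradle/libs.versions.toml unnecessary. If a direct declaration is kept, a `constraints { implementation(libs.netty.codec) { because 'CVE-2025-58056' } }` style entry pins the version without adding netty to the module's declared dependencies. The `dependencies {}` block starts and ends outside this hunk.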
@@ -149,3 +150,9 @@ prometheus-metrics-textformats = { module = 'io.prometheus:prometheus-metrics-ex
 prometheus-metrics-exporter-pushgateway = { module = 'io.prometheus:prometheus-metrics-exporter-pushgateway', version.ref = 'prometheus'}
 snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
+
+# CVE fixes
+# START Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
+netty-codec = {module = 'io.netty:netty-codec', version.ref = 'netty'}
+netty-codec-http = {module = 'io.netty:netty-codec-http', version.ref = 'netty'}
+# END Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
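Review bot: The new `netty-codec` and `netty-codec-http` entries record which CVEs they address but not when the override can be retired, even though the dependabot change in this commit calls the netty references "temporary", so nobody reading the catalog later can tell whether the pin is stale; add the exit condition next to the entries, e.g. `# Temporary: remove once the Spring Boot BOM (spring-boot = '3.5.5' today) manages netty >= 4.1.125.Final`. The entries also cover only two netty modules, so whether the rest of the netty family ends up on `netty = '4.1.125.Final'` depends on how api/build.gradle consumes them rather than on anything in this file. Style: `{module = ...` matches the `snappy` line but not the `{ module = ...` form of the prometheus entries directly above, so the catalog now carries both spacings side by side.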