diff --git a/build.gradle b/build.gradle
index d424e2b..2fcc4bd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -27,6 +27,12 @@ group = "com.pusher"
 version = "1.3.4"
 description = "Pusher HTTP Client"
+// Netty version override to address CVE-2025-24970, CVE-2025-25193, CVE-2025-55163,
+// CVE-2025-58056, CVE-2025-58057, CVE-2025-67735
+ext {
+ nettyVersion = '4.1.129.Final'
+}
+
 java {
 sourceCompatibility = JavaVersion.VERSION_11
 targetCompatibility = JavaVersion.VERSION_11
@@ -38,6 +44,10 @@ dependencies {
 implementation 'org.apache.httpcomponents:httpclient:4.5.13'
 implementation 'org.asynchttpclient:async-http-client:3.0.1'
 implementation 'com.google.code.gson:gson:2.8.9'
+
+ // Force Netty upgrade to resolve CVEs
+ implementation platform("io.netty:netty-bom:${nettyVersion}")
+
 testImplementation 'org.apache.httpcomponents:httpclient:4.5.13'
 testImplementation 'org.hamcrest:hamcrest-all:1.3'
 testImplementation 'org.jmock:jmock-junit5:2.12.0'
@@ -45,6 +55,15 @@ dependencies {
 testImplementation 'org.junit.jupiter:junit-jupiter:5.7.1'
 }
+configurations.all {
+ resolutionStrategy.eachDependency { details ->
+ if (details.requested.group == 'io.netty') {
+ details.useVersion nettyVersion
+ details.because 'CVE-2025-24970, CVE-2025-25193, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-67735'
+ }
+ }
+}
+
 processResources {
 filter(ReplaceTokens, tokens: [
 version: project.version
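Review bot: The comment above `ext { nettyVersion = '4.1.129.Final' }` records why the override exists but not when it can be removed, so the pin is likely to outlive its purpose and later hold Netty back. Netty is presumably a transitive dependency of `async-http-client` here, so I would add a line such as `// Remove once async-http-client itself depends on Netty >= nettyVersion`. The same CVE list is repeated verbatim in the `because` string of the third hunk; keeping it in a single `ext` property that both places reference would stop the two copies drifting apart.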
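Review bot: `implementation platform("io.netty:netty-bom:${nettyVersion}")` does not force anything, despite the `// Force Netty upgrade` comment: a plain `platform` takes part in ordinary highest-version-wins resolution, and the pinning is done by the `resolutionStrategy` block in the third hunk. That distinction matters for users of this library, because resolution rules are local to this build and are not written into published metadata. Whether downstream consumers receive the patched Netty therefore depends on how this platform dependency is rendered in the published POM or module metadata, which the hunk does not show. I would inspect the generated POM, and reword the comment to something like `// Align Netty modules via the BOM; the version is pinned by resolutionStrategy below`.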
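Review bot: The condition `details.requested.group == 'io.netty'` rewrites every artifact in that group to 4.1.129.Final, including artifacts that do not follow the 4.1.x version line. The `netty-tcnative*` modules are published under `io.netty` with 2.0.x versions, so resolution would fail if one ever enters the graph. `useVersion` also rewrites requests for a newer Netty, so a later dependency upgrade would be silently held at this pin with no build failure to flag it. Consider narrowing the rule, e.g. `if (details.requested.group == 'io.netty' && !details.requested.name.startsWith('netty-tcnative')) {`, or dropping it and relying on the BOM from the second hunk, which carries per-module versions. Since `configurations.all` gives no signal when the pin becomes a downgrade, a dependency-report check for `io.netty` versions in CI would make that visible.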