diff --git a/build.gradle b/build.gradle
index 35c69b1ec0..7858e0efd8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -310,6 +310,27 @@ allprojects {
force "io.grpc:grpc-stub:${grpcVersion}"
force "io.grpc:grpc-xds:${grpcVersion}"
+ // Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735
+ force "io.netty:netty-buffer:${nettyVersion}"
+ force "io.netty:netty-codec:${nettyVersion}"
+ force "io.netty:netty-codec-dns:${nettyVersion}"
+ force "io.netty:netty-codec-http:${nettyVersion}"
+ force "io.netty:netty-codec-http2:${nettyVersion}"
+ force "io.netty:netty-codec-socks:${nettyVersion}"
+ force "io.netty:netty-common:${nettyVersion}"
+ force "io.netty:netty-handler:${nettyVersion}"
+ force "io.netty:netty-handler-proxy:${nettyVersion}"
+ force "io.netty:netty-resolver:${nettyVersion}"
+ force "io.netty:netty-resolver-dns:${nettyVersion}"
+ force "io.netty:netty-resolver-dns-classes-macos:${nettyVersion}"
+ force "io.netty:netty-resolver-dns-native-macos:${nettyVersion}"
+ force "io.netty:netty-transport:${nettyVersion}"
+ force "io.netty:netty-transport-classes-epoll:${nettyVersion}"
+ force "io.netty:netty-transport-classes-kqueue:${nettyVersion}"
+ force "io.netty:netty-transport-native-epoll:${nettyVersion}"
+ force "io.netty:netty-transport-native-kqueue:${nettyVersion}"
+ force "io.netty:netty-transport-native-unix-common:${nettyVersion}"
+
// tcrdb, cloud, SequenceAnalysis, recipe mfa, pipeline, fileTransfer, docker mcc, DiscvrLabKeyModules:Studies and api have differnet versions of these libraries, so we need to force these versions
force "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
force "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index b181166d9d..7e17ba5c0c 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -183,6 +183,27 @@
cpe:/a:bzip2_project:bzip2
+
+
+
+ ^pkg:maven/com\.microsoft\.azure/msal4j@.*$
+ >CVE-2024-35255
+
+
+
+ ^pkg:maven/com\.microsoft\.azure/msal4j@.*$
+ CVE-2023-36415
+
+