diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 000000000..42e0d35be
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,10 @@
+name: build
+on:
+  pull_request:
+jobs:
+  build:
+    name: Security Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Trivy Security check on Repository
+        uses: it-at-m/lhm_actions/action-templates/actions/action-trivy@12966547963631f8429d42bab860485b413003c2
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/refarch-backend/pom.xml b/refarch-backend/pom.xml
index 71badc186..27dfca3e9 100644
--- a/refarch-backend/pom.xml
+++ b/refarch-backend/pom.xml
@@ -252,6 +252,12 @@
             <artifactId>commons-io</artifactId>
             <version>${commons-io.version}</version>
         </dependency>
+        <dependency> <!-- Added to fix CVE-2025-48924-->
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.18.0</version>
+            <scope>compile</scope>
+        </dependency>
 
         <!-- Configuration Processor -->
         <dependency>
diff --git a/refarch-eai/pom.xml b/refarch-eai/pom.xml
index 4dba84f32..bc40ec28a 100644
--- a/refarch-eai/pom.xml
+++ b/refarch-eai/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.4</version> <!-- must match the chosen Camel version in properties -> camel-spring-boot-dependencies.version, see e.g. https://central.sonatype.com/artifact/org.apache.camel.springboot/camel-spring-boot/dependencies and search for 'spring-boot-starter' -->
+        <version>3.5.10</version> <!-- must match the chosen Camel version in properties -> camel-spring-boot-dependencies.version, see e.g. https://central.sonatype.com/artifact/org.apache.camel.springboot/camel-spring-boot/dependencies and search for 'spring-boot-starter' -->
         <relativePath />
     </parent>
 
@@ -46,7 +46,7 @@
         <maven.compiler.release>${java.version}</maven.compiler.release>
 
         <!-- Core Frameworks -->
-        <camel-spring-boot-dependencies.version>4.14.5</camel-spring-boot-dependencies.version>
+        <camel-spring-boot-dependencies.version>4.18.0</camel-spring-boot-dependencies.version>
 
         <!-- Linting & Formatting -->
         <spotless-maven-plugin.version>3.2.1</spotless-maven-plugin.version>