diff --git a/modules/epel/artifacts/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 b/modules/epel/artifacts/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
new file mode 100644
index 00000000..234c12fb
--- /dev/null
+++ b/modules/epel/artifacts/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
+CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
+2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
+DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
+n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
+39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
+XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
+44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
+9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
+DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
+uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
+tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
+ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
+3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
+nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
+R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
+4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
+CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
+9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
+w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
+/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
+fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
+r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
+VL469Kj5m13T6w==
+=Mjs/
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/modules/epel/artifacts/etc/yum.repos.d/epel.repo b/modules/epel/artifacts/etc/yum.repos.d/epel.repo
new file mode 100644
index 00000000..06f2c526
--- /dev/null
+++ b/modules/epel/artifacts/etc/yum.repos.d/epel.repo
@@ -0,0 +1,30 @@
+[epel]
+name=Extra Packages for Enterprise Linux 9 - $basearch
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/9/Everything/$basearch/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$basearch&infra=$infra&content=$contentdir
+enabled=1
+gpgcheck=1
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 9 - $basearch - Debug
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/9/Everything/$basearch/debug/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-9&arch=$basearch&infra=$infra&content=$contentdir
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 9 - $basearch - Source
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/9/Everything/source/tree/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-9&arch=$basearch&infra=$infra&content=$contentdir
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
+gpgcheck=1
diff --git a/modules/epel/configure.sh b/modules/epel/configure.sh
new file mode 100755
index 00000000..e2fffe9c
--- /dev/null
+++ b/modules/epel/configure.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+install -m 0644 -D {${ARTIFACTS_DIR},}/etc/yum.repos.d/epel.repo
+install -m 0644 -D {${ARTIFACTS_DIR},}/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
diff --git a/modules/epel/module.yaml b/modules/epel/module.yaml
new file mode 100644
index 00000000..b23bc9a8
--- /dev/null
+++ b/modules/epel/module.yaml
@@ -0,0 +1,8 @@
+schema_version: 1
+name: jboss.container.epel
+version: '1.0'
+description: Enable EPEL for RHEL9
+  Debug/testing only.
+
+execute:
+- script: configure.sh
diff --git a/modules/jdk/latest/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/modules/jdk/latest/artifacts/opt/jboss/container/openjdk/jdk/jvm-options
new file mode 100644
index 00000000..a6a96dcb
--- /dev/null
+++ b/modules/jdk/latest/artifacts/opt/jboss/container/openjdk/jdk/jvm-options
@@ -0,0 +1,10 @@
+
+#!/bin/sh
+# ==============================================================================
+# JDK specific customizations
+#
+# ==============================================================================
+
+function jvm_specific_diagnostics() {
+    echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary"
+}
diff --git a/modules/jdk/latest/configure.sh b/modules/jdk/latest/configure.sh
new file mode 100755
index 00000000..de1c7d0a
--- /dev/null
+++ b/modules/jdk/latest/configure.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+install -m 0644 -D {${ARTIFACTS_DIR},}/opt/jboss/container/openjdk/jdk/jvm-options
+
+# Update securerandom.source for quicker starts (must be done after removing jdk 8, or it will hit the wrong files)
+JAVA_SECURITY_FILE=/usr/lib/jvm/java/conf/security/java.security
+SECURERANDOM=securerandom.source
+if grep -q "^$SECURERANDOM=.*" $JAVA_SECURITY_FILE; then
+    sed -i "s|^$SECURERANDOM=.*|$SECURERANDOM=file:/dev/urandom|" $JAVA_SECURITY_FILE
+else
+    echo $SECURERANDOM=file:/dev/urandom >> $JAVA_SECURITY_FILE
+fi
diff --git a/modules/jdk/latest/module.yaml b/modules/jdk/latest/module.yaml
new file mode 100644
index 00000000..1e2738d1
--- /dev/null
+++ b/modules/jdk/latest/module.yaml
@@ -0,0 +1,36 @@
+schema_version: 1
+
+name: "jboss.container.openjdk.jdk"
+description: "Installs the JDK for OpenJDK 25."
+version: &jdkver "25"
+
+labels:
+- name: "org.jboss.product"
+  value: "openjdk"
+- name: "org.jboss.product.version"
+  value: *jdkver
+- name: "org.jboss.product.openjdk.version"
+  value: *jdkver
+
+envs:
+- name: "JAVA_HOME"
+  value: "/usr/lib/jvm/java-25"
+- name: "JAVA_VENDOR"
+  value: "openjdk"
+- name: "JAVA_VERSION"
+  value: *jdkver
+- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE
+  value: /opt/jboss/container/openjdk/jdk
+
+packages:
+  install:
+  - java-latest-openjdk-devel
+
+modules:
+  install:
+  - name: jboss.container.epel
+  - name: jboss.container.user
+  - name: jboss.container.openjdk
+
+execute:
+- script: configure.sh
diff --git a/modules/jre/latest/artifacts/opt/jboss/container/openjdk/jre/jvm-options b/modules/jre/latest/artifacts/opt/jboss/container/openjdk/jre/jvm-options
new file mode 100644
index 00000000..a6a96dcb
--- /dev/null
+++ b/modules/jre/latest/artifacts/opt/jboss/container/openjdk/jre/jvm-options
@@ -0,0 +1,10 @@
+
+#!/bin/sh
+# ==============================================================================
+# JDK specific customizations
+#
+# ==============================================================================
+
+function jvm_specific_diagnostics() {
+    echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary"
+}
diff --git a/modules/jre/latest/configure.sh b/modules/jre/latest/configure.sh
new file mode 100755
index 00000000..ac25e85c
--- /dev/null
+++ b/modules/jre/latest/configure.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+install -m 0644 -D {${ARTIFACTS_DIR},}/opt/jboss/container/openjdk/jre/jvm-options
diff --git a/modules/jre/latest/module.yaml b/modules/jre/latest/module.yaml
new file mode 100644
index 00000000..b277655b
--- /dev/null
+++ b/modules/jre/latest/module.yaml
@@ -0,0 +1,35 @@
+schema_version: 1
+
+name: "jboss.container.openjdk.jre"
+description: "Installs only the JRE headless for OpenJDK 25."
+version: &jdkver "25"
+
+labels:
+- name: "org.jboss.product"
+  value: "openjdk"
+- name: "org.jboss.product.version"
+  value: *jdkver
+- name: "org.jboss.product.openjdk.version"
+  value: *jdkver
+
+envs:
+- name: "JAVA_HOME"
+  value: "/usr/lib/jvm/jre"
+- name: "JAVA_VENDOR"
+  value: "openjdk"
+- name: "JAVA_VERSION"
+  value: *jdkver
+- name: JBOSS_CONTAINER_OPENJDK_JRE_MODULE
+  value: /opt/jboss/container/openjdk/jre
+
+packages:
+  install:
+  - java-latest-openjdk-headless
+
+modules:
+  install:
+  - name: jboss.container.user
+  - name: jboss.container.openjdk
+
+execute:
+- script: configure.sh
diff --git a/redhat/ubi9-openjdk-25-runtime.yaml b/redhat/ubi9-openjdk-25-runtime.yaml
new file mode 100644
index 00000000..a33aed17
--- /dev/null
+++ b/redhat/ubi9-openjdk-25-runtime.yaml
@@ -0,0 +1,31 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
+osbs:
+  configuration:
+    container:
+      compose:
+        pulp_repos: true
+        packages:
+        - java-25-openjdk-headless
+        signing_intent: release
+  repository:
+    name: containers/openjdk
+    branch: openjdk-25-runtime-ubi9
+
+packages:
+  manager: microdnf
+  content_sets:
+    x86_64:
+    - rhel-9-for-x86_64-baseos-rpms
+    - rhel-9-for-x86_64-appstream-rpms
+    ppc64le:
+    - rhel-9-for-ppc64le-baseos-rpms
+    - rhel-9-for-ppc64le-appstream-rpms
+    aarch64:
+    - rhel-9-for-aarch64-baseos-rpms
+    - rhel-9-for-aarch64-appstream-rpms
+    s390x:
+    - rhel-9-for-s390x-baseos-rpms
+    - rhel-9-for-s390x-appstream-rpms
diff --git a/redhat/ubi9-openjdk-25.yaml b/redhat/ubi9-openjdk-25.yaml
new file mode 100644
index 00000000..6b9f70c9
--- /dev/null
+++ b/redhat/ubi9-openjdk-25.yaml
@@ -0,0 +1,33 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
+osbs:
+  configuration:
+    container:
+      compose:
+        pulp_repos: true
+        packages:
+        - java-25-openjdk
+        - java-25-openjdk-devel
+        - java-25-openjdk-headless
+        signing_intent: release
+  repository:
+    name: containers/openjdk
+    branch: openjdk-25-ubi9
+
+packages:
+  manager: microdnf
+  content_sets:
+    x86_64:
+    - rhel-9-for-x86_64-baseos-rpms
+    - rhel-9-for-x86_64-appstream-rpms
+    ppc64le:
+    - rhel-9-for-ppc64le-baseos-rpms
+    - rhel-9-for-ppc64le-appstream-rpms
+    aarch64:
+    - rhel-9-for-aarch64-baseos-rpms
+    - rhel-9-for-aarch64-appstream-rpms
+    s390x:
+    - rhel-9-for-s390x-baseos-rpms
+    - rhel-9-for-s390x-appstream-rpms
diff --git a/ubi9-openjdk-25-runtime.yaml b/ubi9-openjdk-25-runtime.yaml
new file mode 100644
index 00000000..2209193d
--- /dev/null
+++ b/ubi9-openjdk-25-runtime.yaml
@@ -0,0 +1,63 @@
+# This is an Image descriptor for Cekit
+
+schema_version: 1
+
+from: "registry.access.redhat.com/ubi9/ubi-minimal"
+name: &name "ubi9/openjdk-25-runtime"
+version: &version "1.23"
+description: "Image for Red Hat OpenShift providing OpenJDK 25 runtime"
+
+labels:
+- name: "io.k8s.description"
+  value: "Platform for running plain Java applications (fat-jar and flat classpath)"
+- name: "io.k8s.display-name"
+  value: "Java Applications"
+- name: "io.openshift.tags"
+  value: "java"
+- name: "maintainer"
+  value: "Red Hat OpenJDK <openjdk@redhat.com>"
+- name: "com.redhat.component"
+  value: "openjdk-25-runtime-ubi9-container"
+- name: "usage"
+  value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
+- name: "com.redhat.license_terms"
+  value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
+- name: "org.opencontainers.image.documentation"
+  value: *docs
+- name: "name"
+  value: *name
+- name: "version"
+  value: *version
+- name: "org.opencontainers.image.source"
+  value: "https://github.com/rh-openjdk/redhat-openjdk-containers"
+- name: "org.opencontainers.image.revision"
+  value: "ubi9"
+
+envs:
+- name: "JBOSS_IMAGE_NAME"
+  value: *name
+- name: "JBOSS_IMAGE_VERSION"
+  value: *version
+- name: "LANG"
+  value: "C.utf8"
+
+ports:
+- value: 8080
+- value: 8443
+
+modules:
+  repositories:
+  - path: modules
+  install:
+  - name: jboss.container.util.pkg-update
+  - name: jboss.container.tar
+  - name: jboss.container.openjdk.jre
+    version: "25"
+  - name: jboss.container.util.tzdata
+  - name: jboss.container.java.jre.run
+
+help:
+  add: true
+
+packages:
+  manager: microdnf
diff --git a/ubi9-openjdk-25.yaml b/ubi9-openjdk-25.yaml
new file mode 100644
index 00000000..f1d9d730
--- /dev/null
+++ b/ubi9-openjdk-25.yaml
@@ -0,0 +1,67 @@
+# This is an Image descriptor for Cekit
+
+schema_version: 1
+
+from: "registry.access.redhat.com/ubi9/ubi-minimal"
+name: &name "ubi9/openjdk-25"
+version: &version "1.23"
+description: "Source To Image (S2I) image for Red Hat OpenShift providing OpenJDK 25"
+
+labels:
+- name: "io.k8s.description"
+  value: "Platform for building and running plain Java applications (fat-jar and flat classpath)"
+- name: "io.k8s.display-name"
+  value: "Java Applications"
+- name: "io.openshift.tags"
+  value: "builder,java"
+- name: "maintainer"
+  value: "Red Hat OpenJDK <openjdk@redhat.com>"
+- name: "com.redhat.component"
+  value: "openjdk-25-ubi9-container"
+- name: "usage"
+  value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
+- name: "com.redhat.license_terms"
+  value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
+- name: "org.opencontainers.image.documentation"
+  value: *docs
+- name: "name"
+  value: *name
+- name: "version"
+  value: *version
+- name: "org.opencontainers.image.source"
+  value: "https://github.com/rh-openjdk/redhat-openjdk-containers"
+- name: "org.opencontainers.image.revision"
+  value: "ubi9"
+
+envs:
+- name: PATH
+  value: $PATH:"/usr/local/s2i"
+- name: "JBOSS_IMAGE_NAME"
+  value: *name
+- name: "JBOSS_IMAGE_VERSION"
+  value: *version
+- name: "LANG"
+  value: "C.utf8"
+
+ports:
+- value: 8080
+- value: 8443
+
+modules:
+  repositories:
+  - path: modules
+  install:
+  - name: jboss.container.util.pkg-update
+  - name: jboss.container.openjdk.jdk
+    version: "25"
+  - name: jboss.container.maven
+    version: "3.9.21"
+  - name: jboss.container.util.tzdata
+  - name: jboss.container.java.s2i.bash
+  - name: jboss.container.util.tzdata
+
+help:
+  add: true
+
+packages:
+  manager: microdnf