diff --git a/build/cdc_data/Dockerfile b/build/cdc_data/Dockerfile
index 3a6481ffa9..977ee131eb 100644
--- a/build/cdc_data/Dockerfile
+++ b/build/cdc_data/Dockerfile
@@ -45,7 +45,7 @@ ARG PIP_DISABLE_PIP_VERSION_CHECK=1
 ARG PIP_NO_CACHE_DIR=1
 # Create a virtual env, add it to path, and install all requirements.
-RUN python -m venv /workspace/venv
+RUN python -m venv /workspace/venv --without-pip
 ENV PATH="/workspace/venv/bin:$PATH"
 # TODO: Install requirements for embeddings importer and data importer in separate virtual envs.
@@ -74,8 +74,18 @@ COPY build/cdc_data/run.sh .
 # Make script executable.
 RUN chmod +x run.sh
+# Python packages upgrade to fix vulnerabilities
+RUN apt-get update && apt-get -y upgrade && apt-get dist-upgrade \
+ && pip3 install --upgrade \
+ setuptools \
+ "wheel==0.46.2" \
+ "urllib3==2.6.3" \
+ "pillow==12.1.1" \
+ "google-cloud-aiplatform==1.133.0" \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Activate the virtual env.
 ENV PATH="/workspace/venv/bin:$PATH"
 # Set the default command to run the script.
-CMD ["./run.sh"]
\ No newline at end of file
+CMD ["./run.sh"]
diff --git a/build/cdc_services_runtime/Dockerfile b/build/cdc_services_runtime/Dockerfile
index 1068ae8b14..ecfdc1106e 100644
--- a/build/cdc_services_runtime/Dockerfile
+++ b/build/cdc_services_runtime/Dockerfile
@@ -28,4 +28,9 @@ FROM --platform=linux/amd64 python:3.11.14-slim as runtime
 COPY --from=envoy /usr/local/bin/envoy /usr/local/bin/envoy
 # Install nginx.
-RUN apt-get update && apt-get -y upgrade && apt update && apt install -y nginx
\ No newline at end of file
+RUN apt-get update && apt-get -y upgrade && apt install -y nginx \
+ && pip install --upgrade \
+ pip \
+ "wheel==0.46.2" \
+ setuptools \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
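Review bot: With `--without-pip` in the first hunk of `build/cdc_data/Dockerfile`, the venv at `/workspace/venv` has no pip of its own, so any `pip`/`pip3` found on `PATH` afterwards is the base image's and by default installs into that interpreter's site-packages, not the venv. The requirement installs that the comment refers to lie outside this hunk, so this is inferred; if they call bare `pip install`, the packages may not be importable from the venv's `python`. Either point the installer at the venv explicitly (for example `pip --python /workspace/venv/bin/python install ...`, available from pip 22.3) or record the intent next to the instruction, e.g. `# --without-pip: no pip is bundled into the venv; packages are installed with <installer>`.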
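Review bot: In the `RUN` added by the second hunk of `build/cdc_data/Dockerfile`, `apt-get dist-upgrade` is the only apt step without `-y`, so a non-interactive build aborts at the confirmation prompt whenever that step has something to install or remove; it should read `apt-get -y dist-upgrade`. `setuptools` is left unpinned beside four exact pins, so each rebuild can resolve to a different release; the same holds for `pip` and `setuptools` in the `cdc_services_runtime` hunk, and an exact pin or a documented minimum keeps the vulnerability fix auditable. Because the venv is now created with `--without-pip`, `pip3` here is presumably the base image's pip, so confirm that these upgrades land in the environment `run.sh` actually runs from and not only in the system site-packages.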
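Review bot: The rewritten `RUN` in `build/cdc_services_runtime/Dockerfile` still calls `apt install -y nginx`; `apt` is the interactive front end and warns that its CLI is not stable for scripts, and without `--no-install-recommends` nginx's recommended packages are pulled into the runtime image too. Prefer `apt-get install -y --no-install-recommends nginx`, after checking that nothing the service relies on arrived only as a recommended package. The comment `# Install nginx.` above the instruction no longer covers what it does; `# Install nginx and upgrade pip, wheel and setuptools.` would match the new body.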