diff --git a/SPECS/gnupg2/gnupg2.signatures.json b/SPECS/gnupg2/gnupg2.signatures.json
index caf31269c7a..253cb6ed082 100644
--- a/SPECS/gnupg2/gnupg2.signatures.json
+++ b/SPECS/gnupg2/gnupg2.signatures.json
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "gnupg-2.4.8.tar.bz2": "b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616"
- }
-}
\ No newline at end of file
+  "Signatures": {
+    "gnupg-2.4.9.tar.bz2": "dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964"
+  }
+}
diff --git a/SPECS/gnupg2/gnupg2.spec b/SPECS/gnupg2/gnupg2.spec
index 46217b46551..b5228c7fa14 100644
--- a/SPECS/gnupg2/gnupg2.spec
+++ b/SPECS/gnupg2/gnupg2.spec
@@ -1,6 +1,6 @@
 Summary:        OpenPGP standard implementation used for encrypted communication and data storage.
 Name:           gnupg2
-Version:        2.4.8
+Version:        2.4.9
 Release:        1%{?dist}
 License:        BSD and CC0 and GPLv2+ and LGPLv2+
 Vendor:         Microsoft Corporation
@@ -104,6 +104,9 @@ ln -s $(pwd)/bin/gpg $(pwd)/bin/gpg2
 %defattr(-,root,root)
 
 %changelog
+* Mon Jan 05 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.4.9-1
+- Auto-upgrade to 2.4.9 - for CVE-2025-68973
+
 * Mon Dec 22 2025 Ratiranjan Behera <v-ratbehera@microsoft.com> - 2.4.8-1
 - Upgrade gnupg2 to 2.4.8 for CVE-2025-30258
 
diff --git a/cgmanifest.json b/cgmanifest.json
index b126a1a7dd0..f4b4dd09fa4 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -4610,8 +4610,8 @@
         "type": "other",
         "other": {
           "name": "gnupg2",
-          "version": "2.4.8",
-          "downloadUrl": "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
+          "version": "2.4.9",
+          "downloadUrl": "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.9.tar.bz2"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index eda98b64abe..3351c4ae8e1 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -228,8 +228,8 @@ libksba-devel-1.6.4-1.azl3.aarch64.rpm
 libxslt-1.1.43-3.azl3.aarch64.rpm
 npth-1.6-4.azl3.aarch64.rpm
 pinentry-1.2.1-1.azl3.aarch64.rpm
-gnupg2-2.4.8-1.azl3.aarch64.rpm
-gnupg2-lang-2.4.8-1.azl3.aarch64.rpm
+gnupg2-2.4.9-1.azl3.aarch64.rpm
+gnupg2-lang-2.4.9-1.azl3.aarch64.rpm
 gpgme-1.23.2-2.azl3.aarch64.rpm
 azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
 azurelinux-repos-3.0-5.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index ad14d358cfa..f5a901deaa4 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -228,8 +228,8 @@ libksba-devel-1.6.4-1.azl3.x86_64.rpm
 libxslt-1.1.43-3.azl3.x86_64.rpm
 npth-1.6-4.azl3.x86_64.rpm
 pinentry-1.2.1-1.azl3.x86_64.rpm
-gnupg2-2.4.8-1.azl3.x86_64.rpm
-gnupg2-lang-2.4.8-1.azl3.x86_64.rpm
+gnupg2-2.4.9-1.azl3.x86_64.rpm
+gnupg2-lang-2.4.9-1.azl3.x86_64.rpm
 gpgme-1.23.2-2.azl3.x86_64.rpm
 azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
 azurelinux-repos-3.0-5.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index bdcc433a468..44d878a52dc 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -140,9 +140,9 @@ glibc-tools-2.38-16.azl3.aarch64.rpm
 gmp-6.3.0-1.azl3.aarch64.rpm
 gmp-debuginfo-6.3.0-1.azl3.aarch64.rpm
 gmp-devel-6.3.0-1.azl3.aarch64.rpm
-gnupg2-2.4.8-1.azl3.aarch64.rpm
-gnupg2-debuginfo-2.4.8-1.azl3.aarch64.rpm
-gnupg2-lang-2.4.8-1.azl3.aarch64.rpm
+gnupg2-2.4.9-1.azl3.aarch64.rpm
+gnupg2-debuginfo-2.4.9-1.azl3.aarch64.rpm
+gnupg2-lang-2.4.9-1.azl3.aarch64.rpm
 gperf-3.1-5.azl3.aarch64.rpm
 gperf-debuginfo-3.1-5.azl3.aarch64.rpm
 gpgme-1.23.2-2.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index a2cdce447da..b2f695e5a8c 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -147,9 +147,9 @@ glibc-tools-2.38-16.azl3.x86_64.rpm
 gmp-6.3.0-1.azl3.x86_64.rpm
 gmp-debuginfo-6.3.0-1.azl3.x86_64.rpm
 gmp-devel-6.3.0-1.azl3.x86_64.rpm
-gnupg2-2.4.8-1.azl3.x86_64.rpm
-gnupg2-debuginfo-2.4.8-1.azl3.x86_64.rpm
-gnupg2-lang-2.4.8-1.azl3.x86_64.rpm
+gnupg2-2.4.9-1.azl3.x86_64.rpm
+gnupg2-debuginfo-2.4.9-1.azl3.x86_64.rpm
+gnupg2-lang-2.4.9-1.azl3.x86_64.rpm
 gperf-3.1-5.azl3.x86_64.rpm
 gperf-debuginfo-3.1-5.azl3.x86_64.rpm
 gpgme-1.23.2-2.azl3.x86_64.rpm