diff --git a/README.md b/README.md
index f62476df30..b3706a6284 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ The following table lists the software versions NGINX Gateway Fabric supports.
 
 | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | NGINX Agent |
 |----------------------|-------------|------------|-----------|------------|-------------|
-| Edge                 | 1.3.0       | 1.25+      | 1.29.1    | R35        | v3.3.2      |
+| Edge                 | 1.3.0       | 1.25+      | 1.29.2    | R35        | v3.3.2      |
 | 2.1.4                | 1.3.0       | 1.25+      | 1.29.1    | R35        | v3.3.1      |
 | 2.1.3                | 1.3.0       | 1.25+      | 1.29.1    | R35        | v3.3.1      |
 | 2.1.2                | 1.3.0       | 1.25+      | 1.29.1    | R35        | v3.3.1      |
diff --git a/build/Dockerfile.nginx b/build/Dockerfile.nginx
index ef9eddfada..e219eb9b79 100644
--- a/build/Dockerfile.nginx
+++ b/build/Dockerfile.nginx
@@ -4,10 +4,7 @@ FROM scratch AS nginx-files
 # the following links can be replaced with local files if needed, i.e. ADD --chown=101:1001 <local_file> <container_file>
 ADD --link --chown=101:1001 https://cs.nginx.com/static/keys/nginx_signing.rsa.pub nginx_signing.rsa.pub
 
-FROM nginx:1.29.1-alpine-otel
-# the following apk update and add are to address CVE-2025-59375, CVE-2025-8961/CVE-2025-9165, CVE-2025-9230, and CVE-2025-9231/CVE-2025-9232 respectively.
-# once a new base image is available with these package updates, they can be removed.
-RUN apk update && apk add --no-cache 'libexpat>=2.7.2-r0' 'tiff>=4.7.1-r0' 'libcrypto3>=3.5.4-r0' 'libssl3>=3.5.4-r0'
+FROM nginx:1.29.2-alpine-otel
 
 # renovate: datasource=github-tags depName=nginx/agent
 ARG NGINX_AGENT_VERSION=v3.3.2