diff --git a/.trivyignore b/.trivyignore
index 72622a3c73c..1b22ccbe09a 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -5,3 +5,8 @@ CVE-2020-8911
 CVE-2020-8912
 GHSA-7f33-f4f5-xwgw
 GHSA-f5pg-7wfw-84q9
+
+# This Helm vulerability is does not create a security risk for the cmctl binary.
+# Since the cmctl x install command uses the trusted cert-manager Helm chart, and
+# this vulnerability requires a malicious chart to be used.
+CVE-2024-25620
diff --git a/make/base_images.mk b/make/base_images.mk
index 8434296cdf3..81cf5882df6 100644
--- a/make/base_images.mk
+++ b/make/base_images.mk
@@ -1,12 +1,12 @@
 # +skip_license_check
 # autogenerated by hack/latest-base-images.sh
-STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static-debian11@sha256:30c679764948df7b86cfb4a09f8f5baf6243849fe96cd97ea700f8319803e941
-STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static-debian11@sha256:88689f2748a15046058eb5e7d1246d64f4cee6634cd992a8b6f2f9767f270894
-STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static-debian11@sha256:7126f2fed746095a5b70bdb95ca1cc07ac61c54018d3331bfdcb0c1a48377484
-STATIC_BASE_IMAGE_arm   := gcr.io/distroless/static-debian11@sha256:ca00b2ed9d0229bce935e71ceccd4cb24f15d109320adf198531813e3d3bca93
-STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static-debian11@sha256:1d76fdb210ec19e7ee2157cb45dd5784e7e34222d9da0073ce3119b29ade9cd8
-DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base-debian11@sha256:d08c10f03c27271160993f294e0eb120af71217d0cf4587c484cc5b7cb3fe5ee
-DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base-debian11@sha256:71b79745bb79377e88d936fd362bf505ad9f278f6a613233f0be2f10b96b1b21
-DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base-debian11@sha256:c475a265eaa1926f0f65ce50eeda63eea4733b9ea5160912fc317a5d8181255a
-DYNAMIC_BASE_IMAGE_arm   := gcr.io/distroless/base-debian11@sha256:98490083d397cc14d8afae91fa1c00127b864f9a3ece67ae81b9f1a01e3f2c03
-DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base-debian11@sha256:318fa027cbd5d73aac5712dc8f64e6316ba5278619efd484b77b4e8ef972c120
+STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static-debian11@sha256:be1b7d7cd6a73c147005df4c81041a5aafb28a7c2e9821fb2c7a878024edc23d
+STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static-debian11@sha256:569498c14d8209cb7eb695dfe98a1586d0440ba9e94aa71e1e251bcd2e7be990
+STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static-debian11@sha256:466e0c1c291b41b55d583912bfc32a99221e12c3d4eb741d3fe0ae148d89dc7f
+STATIC_BASE_IMAGE_arm   := gcr.io/distroless/static-debian11@sha256:969dd612605768037751b9643fe92c5e27abf4207e662a2f42de77bd77ecf3b4
+STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static-debian11@sha256:e2cba570b294e2bf4f071b67fa2b0e614a89c0b23b9083f17372bc8dee711abb
+DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base-debian11@sha256:13190661cbc681abf8c1f3546231bb1ff46c88ce4750a2818426c6e493a09163
+DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base-debian11@sha256:1366f46d7a9a1758550f6734204f444ed972bcc8c09cd676aa3d37e4d16d6d8b
+DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base-debian11@sha256:a2cc10292740df61e200942e16da35e6e2d29cf84d5c8b1a0fa476137edcc007
+DYNAMIC_BASE_IMAGE_arm   := gcr.io/distroless/base-debian11@sha256:81eca51c6b7b2e352392fb0294fb767457a18998521a73d2f964944956ddf7a3
+DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base-debian11@sha256:fdae67300ef3861d1f3db18fbf28b8ad9a54b07f37be88919ec686f8696735a5