diff --git a/dockers/docker-ptf/Dockerfile.j2 b/dockers/docker-ptf/Dockerfile.j2
index b87334532fe..f843f7db0a6 100644
--- a/dockers/docker-ptf/Dockerfile.j2
+++ b/dockers/docker-ptf/Dockerfile.j2
@@ -121,10 +121,8 @@ ENV PATH="/usr/local/go/bin:$HOME/go/bin:$PATH"
 RUN go install github.com/fullstorydev/grpcurl/cmd/grpcurl@v1.9.3 \
     && mv "$(go env GOPATH)/bin/grpcurl" /usr/local/bin/grpcurl \
     && chmod +x /usr/local/bin/grpcurl
-# Security fixes: upgrade vulnerable system packages (S360 scan remediation)
-RUN apt-get update && apt-get install -y --only-upgrade \
-        telnet               \
-        inetutils-telnet     \
+# Security fixes: upgrade all vulnerable system packages (S360 scan remediation)
+RUN apt-get update && apt-get upgrade -y \
     && rm -rf /var/lib/apt/lists/*
 {% if PTF_ENV_PY_VER == "py3" %}
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
@@ -322,6 +320,9 @@ RUN set -e; \
 {{ install_python_wheels(docker_ptf_whls.split(' ')) }}
 {% endif %}
 
+# Ensure setuptools >= 70.0.0 to address GHSA-cx63-2mw6-8hw5
+RUN pip3 install "setuptools>=70.0.0"
+
 ## Adjust sshd settings
 RUN mkdir /var/run/sshd \
     && echo 'root:root' | chpasswd \