diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc
deleted file mode 100644
index b68de1d889..0000000000
--- a/assemblies/assembly-release-notes-fixed-security-issues.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-:_content-type: ASSEMBLY
-[id="fixed-security-issues"]
-= Fixed security issues
-
-This section lists security issues fixed in {product} {product-version}.
-
-== {product} {product-bundle-version}
-
-include::modules/release-notes/snip-fixed-security-issues-in-product-1.5.0.adoc[leveloffset=+2]
-
-include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.5.0.adoc[leveloffset=+2]
-
diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.5.0.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.5.0.txt
deleted file mode 100644
index cb14d561b9..0000000000
--- a/modules/release-notes/list-fixed-security-issues-in-product-1.5.0.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-CVE-2024-56326
-CVE-2024-56201
-CVE-2024-45338
-CVE-2024-52798
-CVE-2024-56334
-CVE-2024-55565
-CVE-2025-22150
-CVE-2023-26136
diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.5.0.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.5.0.txt
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/modules/release-notes/ref-release-notes-fixed-security-issues.adoc b/modules/release-notes/ref-release-notes-fixed-security-issues.adoc
new file mode 100644
index 0000000000..b68cbfaa4c
--- /dev/null
+++ b/modules/release-notes/ref-release-notes-fixed-security-issues.adoc
@@ -0,0 +1,5 @@
+:_content-type: REFERENCE
+[id="fixed-security-issues"]
+= Fixed security issues
+
+You can view the security issues fixed in {product} {product-version} at link:https://access.redhat.com/security/security-updates/cve?q=red+hat+developer+hub&p=1&sort=cve_publicDate+desc,allTitle+desc&rows=10&documentKind=Cve[Red Hat Security Updates].
\ No newline at end of file
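Review bot: The link on the last added line of `ref-release-notes-fixed-security-issues.adoc` is a generic CVE search (`q=red+hat+developer+hub`, `p=1`, `rows=10`, sorted by `cve_publicDate`), not a list scoped to `{product-version}`, so the sentence promises a per-version view that the target page does not appear to provide — it likely shows the most recently published CVEs for the product across all releases, ten per page. The per-version list that carried that scoping (`list-fixed-security-issues-in-product-1.5.0.txt` and the generated snippet) is removed in the same commit, so readers lose the ability to confirm which CVEs a given z-stream fixes. If hand-maintaining the list is no longer wanted, the wording should at least match the link, e.g. `You can view the security issues fixed in {product} at link:...[Red Hat Security Updates].`, or the link should point at a version-scoped source such as the release's advisories rather than a paged search.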
diff --git a/modules/release-notes/single-source-fixed-security-issues.sh b/modules/release-notes/single-source-fixed-security-issues.sh
deleted file mode 100755
index 4fa0864f95..0000000000
--- a/modules/release-notes/single-source-fixed-security-issues.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-#
-# Copyright (c) 2024 Red Hat, Inc.
-# This program, and the accompanying materials are made
-# available under the terms of the Apache Public License 2.0,
-# available at http://www.apache.org/licenses/
-#
-# SPDX-License-Identifier: Apache-2.0
-
-# Single-source the release notes Fixed security issues section from Red Hat Security Data API.
-# See: https://docs.redhat.com/en/documentation/red_hat_security_data_api/1.0/html/red_hat_security_data_api/cve
-
-# Fail and stop on first error
-set -e
-
-# get the z-stream version from the bundle-version attribute. Note that while chart-version could be larger, this is the correct value for CVE tracking
-product_version="$(grep ':product-bundle-version:' artifacts/attributes.adoc | cut -d' ' -f2 )"
-
-single_source_from_security_data () {
- sectionname="fixed-security-issues-in-${section}-${product_version}"
- dirname=$(dirname ${BASH_SOURCE})
- destination="${dirname}/snip-${sectionname}.adoc"
- list="${dirname}/list-${sectionname}.txt"
- # Assert that the list file exists.
- if [ ! -f ${list} ]
- then
- echo "ERROR: The ${list} file is missing. You must create it to proceed. For a given version, can collect the list of CVEs from a JIRA query like https://issues.redhat.com/issues/?jql=labels%3DSecurityTracking+and+project%3DRHIDP+and+fixversion%3D1.3.1 or list of Erratas from https://errata.devel.redhat.com/advisory/filters/4213"
- exit 1
- fi
- # Cleanup the destination files.
- rm -f "$destination"
- # Send output to the destination file.
- exec 3>&1 1>> "$destination"
- echo "= ${title}"
- for cve in $(cat ${list} | sort | uniq)
- do
- # Start the list.
- echo "link:https://access.redhat.com/security/cve/$cve[$cve]::"
- # Call the API to return a list of details.
- # Red Hat is last if there is one.
- # Red Hat details is single line.
- # MITRE details are multiline.
- # We keep Red Hat details if present.
- # We keep only the first two lines on MITRE details.
- curl -s "https://access.redhat.com/hydra/rest/securitydata/cve/$cve.json" | jq -r '.details[-1]' | head -n 2
- # Add a separation
- echo ""
- done
- # Stop sending output to the destination file
- exec 1>&3 3>&-
- echo "include::${destination}[leveloffset=+2]"
-}
-
-title="{product} dependency updates"
-section="product"
-single_source_from_security_data
-
-title="RHEL 9 platform RPM updates"
-section="rpm"
-single_source_from_security_data
-
-echo "INFO: Verify that the assemblies/assembly-release-notes-fixed-security-issues.adoc file contains aforementioned required include statements."
diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.5.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.5.0.adoc
deleted file mode 100644
index c1edd25487..0000000000
--- a/modules/release-notes/snip-fixed-security-issues-in-product-1.5.0.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-= {product} dependency updates
-link:https://access.redhat.com/security/cve/CVE-2023-26136[CVE-2023-26136]::
-A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
-
-link:https://access.redhat.com/security/cve/CVE-2024-45338[CVE-2024-45338]::
-A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
-
-link:https://access.redhat.com/security/cve/CVE-2024-52798[CVE-2024-52798]::
-A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.
-
-link:https://access.redhat.com/security/cve/CVE-2024-55565[CVE-2024-55565]::
-nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
-
-link:https://access.redhat.com/security/cve/CVE-2024-56201[CVE-2024-56201]::
-A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.
-
-link:https://access.redhat.com/security/cve/CVE-2024-56326[CVE-2024-56326]::
-A flaw was found in the Jinja package. 
In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, storing a reference to a malicious string's format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
-
-link:https://access.redhat.com/security/cve/CVE-2024-56334[CVE-2024-56334]::
-A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the `getWindowsIEEE8021x` function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system.
-
-link:https://access.redhat.com/security/cve/CVE-2025-22150[CVE-2025-22150]::
-A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.
-
diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.5.0.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.5.0.adoc
deleted file mode 100644
index e4930e95c6..0000000000
--- a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.5.0.adoc
+++ /dev/null
@@ -1 +0,0 @@
-= RHEL 9 platform RPM updates
diff --git a/titles/rel-notes-rhdh/title-rhdh-release-notes.adoc b/titles/rel-notes-rhdh/title-rhdh-release-notes.adoc
index 5cdd60e777..815f83a312 100644
--- a/titles/rel-notes-rhdh/title-rhdh-release-notes.adoc
+++ b/titles/rel-notes-rhdh/title-rhdh-release-notes.adoc
@@ -24,7 +24,7 @@ include::modules/release-notes/ref-release-notes-technology-preview.adoc[levelof
 include::modules/release-notes/ref-release-notes-fixed-issues.adoc[leveloffset=+1]
-include::assemblies/assembly-release-notes-fixed-security-issues.adoc[leveloffset=+1]
+include::modules/release-notes/ref-release-notes-fixed-security-issues.adoc[leveloffset=+1]
 include::modules/release-notes/ref-release-notes-known-issues.adoc[leveloffset=+1]