diff --git a/AppImage/ProxMenux-1.2.2.AppImage b/AppImage/ProxMenux-1.2.2.AppImage
index b29e7ce3..f3d53cc3 100755
Binary files a/AppImage/ProxMenux-1.2.2.AppImage and b/AppImage/ProxMenux-1.2.2.AppImage differ
diff --git a/AppImage/ProxMenux-Monitor.AppImage.sha256 b/AppImage/ProxMenux-Monitor.AppImage.sha256
index 04536136..ad6881c3 100644
--- a/AppImage/ProxMenux-Monitor.AppImage.sha256
+++ b/AppImage/ProxMenux-Monitor.AppImage.sha256
@@ -1 +1 @@
-149acc8644e7830ddccda97faa452f36f9a820c507e2c6b54fc9a7e51b9b4297
+4602b8d4aa130c6f3cb017358d8459b473a5f05d64152fe13200b241932a73a8
diff --git a/AppImage/scripts/build_appimage.sh b/AppImage/scripts/build_appimage.sh
index b4474679..1573b94a 100644
--- a/AppImage/scripts/build_appimage.sh
+++ b/AppImage/scripts/build_appimage.sh
@@ -69,14 +69,19 @@ if [ ! -f "package.json" ]; then
 exit 1
 fi
-# Install dependencies if node_modules doesn't exist.
-# `--legacy-peer-deps` is required because vaul@0.9.9 (and a few others) still
-# declare peer-deps for React ≤18 while we're on React 19; npm 7+ refuses by
-# default. The actual runtime works fine with React 19.
-if [ ! -d "node_modules" ]; then
- echo "📦 Installing dependencies..."
- npm install --legacy-peer-deps
-fi
+# Always reconcile node_modules against the lockfile. The previous
+# guard (`if [ ! -d "node_modules" ]`) skipped install when an older
+# tree existed on disk — so a bump in package.json silently shipped
+# with the cached version. We hit this when bumping Next.js
+# 15.1.6 -> 15.1.9 for CVE-2025-55182: the build succeeded with the
+# stale node_modules and the AppImage still carried 15.1.6. `npm install`
+# is idempotent: when package.json + lockfile + node_modules already
+# agree it returns in under a second. `--legacy-peer-deps` is required
+# because vaul@0.9.9 (and a few others) still declare peer-deps for
+# React ≤18 while we are on React 19; npm 7+ refuses by default.
+# The actual runtime works fine with React 19.
+echo "📦 Reconciling dependencies against the lockfile..."
+npm install --legacy-peer-deps
 echo "🏗️ Building Next.js static export..."
 npm run export
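Review bot: The added `npm install --legacy-peer-deps` does not strictly reconcile against the lockfile as the new comment above it says: when package.json and package-lock.json disagree, it re-resolves and rewrites the lockfile instead of failing, so a release build can still package versions that were never reviewed. For a packaging script `npm ci --legacy-peer-deps` is the closer fit, since it removes node_modules, installs exactly what the lockfile pins and exits non-zero when the two files are out of sync, at the cost of the sub-second no-op path the comment mentions. Because the failure described was a silently stale Next.js, it would also help to record the installed version in the build log right after the install, for example `npm ls next`, so a mismatch with the version bumped for CVE-2025-55182 is visible before the AppImage is published. Whether a failed install aborts the build depends on a `set -e` that is not visible in this hunk; if it is absent, the line needs `|| exit 1`.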