diff --git a/core-lightning/data/c-lightning-rest/certs/.gitkeep b/core-lightning/data/c-lightning-rest/certs/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/core-lightning/docker-compose.yml b/core-lightning/docker-compose.yml
index c2b2120f..1579a384 100644
--- a/core-lightning/docker-compose.yml
+++ b/core-lightning/docker-compose.yml
@@ -5,63 +5,57 @@ services:
     environment:
       APP_HOST: $APP_CORE_LIGHTNING_IP
       APP_PORT: $APP_CORE_LIGHTNING_PORT
-
   app:
-    image: ghcr.io/elementsproject/cln-application:0.0.7@sha256:430efedac652abeffb2fbb5dcb991ab1128c942f64204c4599d48c331c9eeb10
+    image: ghcr.io/elementsproject/cln-application:25.07.3@sha256:af22cebd21e1175651049d09cf2dd547da569fddd55e4c7766e5956bd47e91fa
     command: npm run start
     restart: on-failure
     volumes:
       - ${APP_DATA_DIR}/data/app:${APP_CONFIG_DIR}
       - ${APP_CORE_LIGHTNING_DATA_DIR}:${CORE_LIGHTNING_PATH}
-      - ${APP_CORE_LIGHTNING_REST_CERT_DIR}:${APP_REST_CERT_VOLUME_DIR}
     environment:
-      SINGLE_SIGN_ON: "true"
-      APP_IP: ${APP_CORE_LIGHTNING_IP}
+      APP_SINGLE_SIGN_ON: "true"
+      APP_HOST: ${APP_CORE_LIGHTNING_IP}
       APP_PORT: ${APP_CORE_LIGHTNING_PORT}
       BITCOIN_NETWORK: ${APP_CORE_LIGHTNING_BITCOIN_NETWORK}
-      LIGHTNING_IP: ${APP_CORE_LIGHTNING_DAEMON_IP}
-      LIGHTNING_GRPC_PORT: ${APP_CORE_LIGHTNING_DAEMON_GRPC_PORT}
-      LIGHTNING_WEBSOCKET_PORT: ${APP_CORE_LIGHTNING_WEBSOCKET_PORT}
-      LIGHTNING_REST_PORT: ${APP_CORE_LIGHTNING_REST_PORT}
-      APP_CORE_LIGHTNING_REST_CERT_DIR: ${APP_REST_CERT_VOLUME_DIR}
-      HIDDEN_SERVICE_URL: http://${APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE}
-      LIGHTNING_PATH: ${CORE_LIGHTNING_PATH}
-      COMMANDO_CONFIG: ${COMMANDO_CONFIG}
-      APP_CONFIG_DIR: ${APP_CONFIG_DIR}
+      LIGHTNING_HOST: ${APP_CORE_LIGHTNING_DAEMON_IP}
+      LIGHTNING_TOR_HOST: http://${APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE}
+      APP_CONNECT: COMMANDO
       APP_MODE: ${APP_MODE}
-      DEVICE_DOMAIN_NAME: ${DEVICE_DOMAIN_NAME}
-      LOCAL_HOST: http://${DEVICE_DOMAIN_NAME}
-      CA_CERT: ${CORE_LIGHTNING_PATH}/bitcoin/ca.pem
-      CLIENT_KEY: ${CORE_LIGHTNING_PATH}/bitcoin/client-key.pem
-      CLIENT_CERT: ${CORE_LIGHTNING_PATH}/bitcoin/client.pem
+      LIGHTNING_DATA_DIR: ${CORE_LIGHTNING_PATH}
+      APP_CONFIG_FILE: ${APP_CONFIG_DIR}/config.json
+      LIGHTNING_VARS_FILE: ${COMMANDO_CONFIG}
+      LIGHTNING_WS_PROTOCOL: ws
+      LIGHTNING_WS_PORT: ${APP_CORE_LIGHTNING_WEBSOCKET_PORT}
+      LIGHTNING_WS_CLIENT_KEY_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client-key.pem
+      LIGHTNING_WS_CLIENT_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client.pem
+      LIGHTNING_WS_CA_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/ca.pem
+      LIGHTNING_REST_PROTOCOL: https
+      LIGHTNING_REST_HOST: ${APP_CORE_LIGHTNING_DAEMON_IP}
+      LIGHTNING_REST_TOR_HOST: http://${APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE}
+      LIGHTNING_REST_PORT: ${APP_CORE_LIGHTNING_REST_PORT}
+      LIGHTNING_REST_CLIENT_KEY_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client-key.pem
+      LIGHTNING_REST_CLIENT_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client.pem
+      LIGHTNING_REST_CA_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/ca.pem
+      LIGHTNING_GRPC_HOST: ${APP_CORE_LIGHTNING_DAEMON_IP}
+      LIGHTNING_GRPC_TOR_HOST: http://${APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE}
+      LIGHTNING_GRPC_PORT: ${APP_CORE_LIGHTNING_DAEMON_GRPC_PORT}
+      LIGHTNING_GRPC_PROTO_PATH: https://github.com/ElementsProject/lightning/tree/master/cln-grpc/proto
+      LIGHTNING_GRPC_CLIENT_KEY_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client-key.pem
+      LIGHTNING_GRPC_CLIENT_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/client.pem
+      LIGHTNING_GRPC_CA_CERT_FILE: ${CORE_LIGHTNING_PATH}/${APP_CORE_LIGHTNING_BITCOIN_NETWORK}/ca.pem
     networks:
       default:
         ipv4_address: ${APP_CORE_LIGHTNING_IP}
-
-  c-lightning-rest:
-    image: saubyk/c-lightning-rest:0.10.7@sha256:6666e9f1fd107a9946cc94d8c82862ed18ac0d2c80fcddf30282979a6c8eb46e
-    restart: on-failure
-    ports:
-      - ${APP_CORE_LIGHTNING_REST_PORT}:${APP_CORE_LIGHTNING_REST_PORT}
-    environment:
-      PORT: "${APP_CORE_LIGHTNING_REST_PORT}"
-      PROTOCOL: "http"
-      LN_PATH: "${CORE_LIGHTNING_PATH}"
-    volumes:
-      - "${APP_CORE_LIGHTNING_REST_CERT_DIR}:/usr/src/app/certs"
-      - "${APP_CORE_LIGHTNING_DATA_DIR}:${CORE_LIGHTNING_PATH}"
-    networks:
-      default:
-        ipv4_address: ${APP_CORE_LIGHTNING_REST_IP}
-
   lightningd:
-    image: elementsproject/lightningd:v25.05@sha256:1afd2496b285577c252d8b3b81810f7bf6a24b573002ce994edb99097e6a7fae
+    image: elementsproject/lightningd:v25.09.3@sha256:ca95610b7db23a8fad5cf6e36044ecd4ff9124dcc7dae50bd151084d39feaf70
     restart: on-failure
     ports:
       - ${APP_CORE_LIGHTNING_DAEMON_PORT}:9735
       - ${APP_CORE_LIGHTNING_WEBSOCKET_PORT}:${APP_CORE_LIGHTNING_WEBSOCKET_PORT}
       - ${CORE_LIGHTNING_REST_PORT}:${CORE_LIGHTNING_REST_PORT}
       - ${APP_CORE_LIGHTNING_DAEMON_GRPC_PORT}:${APP_CORE_LIGHTNING_DAEMON_GRPC_PORT}
+    environment:
+      LIGHTNINGD_NETWORK: ${APP_CORE_LIGHTNING_BITCOIN_NETWORK}
     command:
       - --bitcoin-rpcconnect=${APP_BITCOIN_NODE_IP}
       - --bitcoin-rpcuser=${APP_BITCOIN_RPC_USER}
@@ -75,7 +69,6 @@ services:
       - --tor-service-password=${TOR_PASSWORD}
       - --network=${APP_CORE_LIGHTNING_BITCOIN_NETWORK}
       - --database-upgrade=true
-      #- --experimental-offers
       - --grpc-host=${APP_CORE_LIGHTNING_DAEMON_IP}
       - --grpc-port=${APP_CORE_LIGHTNING_DAEMON_GRPC_PORT}
       - --clnrest-host=${APP_CORE_LIGHTNING_DAEMON_IP}
@@ -85,7 +78,6 @@ services:
     networks:
       default:
         ipv4_address: ${APP_CORE_LIGHTNING_DAEMON_IP}
-
   tor:
     image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
     user: "1000:1000"
diff --git a/core-lightning/exports.sh b/core-lightning/exports.sh
index 36e3aa3c..463a8be4 100644
--- a/core-lightning/exports.sh
+++ b/core-lightning/exports.sh
@@ -9,8 +9,6 @@ export APP_CORE_LIGHTNING_WEBSOCKET_PORT="2106"
 export APP_CORE_LIGHTNING_DATA_DIR="${EXPORTS_APP_DIR}/data/lightningd"
 export CORE_LIGHTNING_REST_PORT="2107"
 
-export APP_CORE_LIGHTNING_REST_CERT_DIR="${EXPORTS_APP_DIR}/data/c-lightning-rest/certs"
-
 export APP_CORE_LIGHTNING_BITCOIN_NETWORK="${APP_BITCOIN_NETWORK}"
 if [[ "${APP_BITCOIN_NETWORK}" == "mainnet" ]]; then
 	export APP_CORE_LIGHTNING_BITCOIN_NETWORK="bitcoin"
@@ -21,6 +19,5 @@ export APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE="$(cat "${rest_hidden_service_file
 
 export APP_CONFIG_DIR="/data/app"
 export APP_MODE="production"
-export APP_REST_CERT_VOLUME_DIR="/c-lightning-rest/certs"
 export CORE_LIGHTNING_PATH="/root/.lightning"
 export COMMANDO_CONFIG="/root/.lightning/.commando-env"
diff --git a/core-lightning/hooks/pre-start b/core-lightning/hooks/pre-start
index f71f3b13..db703065 100755
--- a/core-lightning/hooks/pre-start
+++ b/core-lightning/hooks/pre-start
@@ -8,7 +8,7 @@ if [[ -f "${HIDDEN_SERVICE_FILE}" ]]; then
 	exit
 fi
 
-"${UMBREL_ROOT}/scripts/app" compose "${APP_ID}" up --detach c-lightning-rest
+"${UMBREL_ROOT}/scripts/app" compose "${APP_ID}" up --detach lightningd
 "${UMBREL_ROOT}/scripts/app" compose "${APP_ID}" up --detach tor
 
 echo "App: ${APP_ID} - Generating Tor Hidden Service..."
diff --git a/core-lightning/umbrel-app.yml b/core-lightning/umbrel-app.yml
index 8a1c8300..f18b6a5a 100644
--- a/core-lightning/umbrel-app.yml
+++ b/core-lightning/umbrel-app.yml
@@ -2,7 +2,7 @@ manifestVersion: 1.1
 id: core-lightning
 category: bitcoin
 name: Core Lightning
-version: "25.05-patch.1"
+version: "25.09.3"
 tagline: Run your personal Core Lightning node
 description: >-
   Get started with the Lightning network today with Core Lightning - a
@@ -32,33 +32,27 @@ defaultPassword: ""
 submitter: Blockstream
 submission: https://github.com/getumbrel/umbrel-apps/pull/475
 releaseNotes: >-
-  This update adds support for Backups in umbrelOS 1.5.
+  This updates cln-application to v25.07.3, lightningd to v25.09.3, and replaces the legacy c-lightning-rest service with the built-in REST interface of lightningd.
 
 
-  Previous release notes for v25.05:
+  **CLN Application v25.07.3:**
+    - Proactive mitigation against a widespread npm ecosystem threat involving malicious code in popular packages.
+    - Updated and streamlined environment variables for improved configuration and usability
+    - Added support for running Commando over secure WebSocket (eg. wss-proxy) connections
+    - Removed version and commit suffix from node aliases for a cleaner display
+    - Updated BKPR date format from YYYY-MM-DD to UI standard DD MMM, YYYY
+    - Added infinite scroll support for BTC Transactions, CLN Offers, and CLN Transactions
 
+  **CLN v25.09.3:**
+    - Bookkeeper has been migrated into core lightning, allowing visibility into payments, fees and channel activities.
+    - xpay can now directly pay BIP353 addresses (like ₿cln@blockstream.com) and simple offers without extra steps.
+    - Better feedback when channel creation fails due to capacity limits.
+    - Now limiting the number of parts a payment can be split on xpay and askrene
+    - Reckless now supports the modern uv package manager for Python plugins.
+    - Improvements to the rate of feasible solutions found in the main loop of the solver on askrene
+    - Splicing improvements allow for better compatibility with Eclair and continuous routing during channel modifications.
+    - Improve security by ensuring all peers must support channel type.
+    - Payment secrets now mandatory in BOLT11 invoices for better payment protection.
 
-  This release of Core Lightning includes many improvements, bug fixes, and new features.
-
-
-  **CLN Application v0.0.7:**
-    - Adding long awaited Bookkeeper graphs for account events, sats flow and volume
-    - New SQL Terminal to run SQL queries directly from the UI
-    - Connect wallet modal shows clnrest and cln-grpc information
-
-  **CLN Rest v0.10.7:**
-    - added support for generating p2tr addresses
-
-  **CLN v25.05:**
-    - Reduced latency of commit and revoke messages.
-    - Reckless can update existing reckless-installed plugins via reckless update.
-    - Fixed routing of AskRene via high capacity channels.
-    - More accurate anchor fees.
-    - Channel backup turns our peers into watchtowers by now allowing your node to generate penalty transactions!
-    - blacklisted runes can now be restored via relist.
-    - xpay has many, many bugfixes, and is now almost seamlessly compatible when xpay-handle-pay is used.
-    - lightning-cli has neater help output, and doesn't crash occasionally on xpay notifications.
-    - setconfig does more safety checks and uses a separate "config.setconfig" file for runtime changes: you can also now set transient=true if you don't want the config files changed.
-    - Fixed a bug where we would fail to collect our own funds if we force closed a channel we had leased with --experimental-dual-fund.
 backupIgnore:
   - data/lightningd/bitcoin/lightningd.sqlite3