diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 1725a1ad..dc76397e 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -122,6 +122,7 @@ jobs:
 
       - name: Verify Caddy Security Patches (CVE-2025-68156)
         if: steps.skip.outputs.skip_build != 'true'
+        timeout-minutes: 2
         run: |
           echo "🔍 Verifying Caddy binary contains patched expr-lang/expr@v1.17.7..."
           echo ""
@@ -137,7 +138,7 @@ jobs:
 
           echo ""
           echo "==> Caddy version:"
-          docker run --rm $IMAGE_REF caddy version || echo "Failed to get Caddy version"
+          timeout 30s docker run --rm $IMAGE_REF caddy version || echo "⚠️ Caddy version check timed out or failed"
 
           echo ""
           echo "==> Extracting Caddy binary for inspection..."