diff --git a/cabal-dev-scripts/cabal-dev-scripts.cabal b/cabal-dev-scripts/cabal-dev-scripts.cabal
index 2a2d180ee06..e994c58b021 100644
--- a/cabal-dev-scripts/cabal-dev-scripts.cabal
+++ b/cabal-dev-scripts/cabal-dev-scripts.cabal
@@ -17,7 +17,7 @@ executable gen-extra-source-files
   hs-source-dirs:      src
   build-depends:
     base                 >=4.10    && <4.12,
-    Cabal                >=2.2     && <2.4,
+    Cabal                >=2.2     && <2.6,
     bytestring,
     directory,
     filepath,
diff --git a/cabal-install/cabal-install.cabal b/cabal-install/cabal-install.cabal
index d97c3943538..572de904506 100644
--- a/cabal-install/cabal-install.cabal
+++ b/cabal-install/cabal-install.cabal
@@ -306,7 +306,7 @@ library
         base16-bytestring >= 0.1.1 && < 0.2,
         binary     >= 0.7      && < 0.9,
         bytestring >= 0.10.2   && < 1,
-        Cabal      >= 2.3      && < 2.4,
+        Cabal      == 2.5.*,
         containers >= 0.5      && < 0.7,
         cryptohash-sha256 >= 0.11 && < 0.12,
         deepseq    >= 1.3      && < 1.5,
@@ -372,7 +372,7 @@ executable cabal
     if flag(lib)
         build-depends:
             cabal-install,
-            Cabal      >= 2.3      && < 2.4,
+            Cabal,
             base,
             directory,
             filepath
@@ -385,7 +385,7 @@ executable cabal
             base16-bytestring >= 0.1.1 && < 0.2,
             binary     >= 0.7      && < 0.9,
             bytestring >= 0.10.2   && < 1,
-            Cabal      >= 2.3      && < 2.4,
+            Cabal      == 2.5.*,
             containers >= 0.5      && < 0.7,
             cryptohash-sha256 >= 0.11 && < 0.12,
             deepseq    >= 1.3      && < 1.5,
@@ -619,7 +619,7 @@ executable cabal
 
       cpp-options: -DMONOLITHIC
       build-depends:
-        Cabal      >= 2.3 && < 2.4,
+        Cabal      == 2.5.*,
         QuickCheck >= 2.8.2,
         array,
         async,
diff --git a/cabal.project b/cabal.project
index 13d3c10e85f..fe55828a4e5 100644
--- a/cabal.project
+++ b/cabal.project
@@ -9,6 +9,9 @@ constraints: unix >= 2.7.1.0
 allow-newer:
   hackage-repo-tool:optparse-applicative
 
+allow-newer:
+  hackage-security:Cabal
+
 program-options
   -- So us hackers get all the assertion failures early:
   --