diff --git a/.github/workflows/update-docker-ci.yml b/.github/workflows/update-docker-ci.yml
index 7b8a7a72..9e5031a1 100644
--- a/.github/workflows/update-docker-ci.yml
+++ b/.github/workflows/update-docker-ci.yml
@@ -306,6 +306,28 @@ jobs:
             $image:arm64-latest \
             $image:amd64-latest
 
+  pre-commit:
+    name: Build and push pre-commit docker image
+    runs-on: heavy
+    needs: [repo, tools-merge]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/build-docker-image
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          images: |
+            ${{ needs.repo.outputs.GHCR_REPO }}/clio-pre-commit
+          push_image: ${{ github.event_name != 'pull_request' }}
+          directory: docker/pre-commit
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          build_args: |
+            GHCR_REPO=${{ needs.repo.outputs.GHCR_REPO }}
+
   ci:
     name: Build and push CI docker image
     runs-on: heavy
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a8cf47cf..56561fdc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -43,7 +43,7 @@ repos:
         # hadolint-docker is a special hook that runs hadolint in a Docker container
         # Docker is not installed in the environment where pre-commit is run
         stages: [manual]
-        entry: hadolint/hadolint:v2.14 hadolint
+        entry: hadolint/hadolint:v2.14.0 hadolint
 
   - repo: https://github.com/codespell-project/codespell
     rev: 63c8f8312b7559622c0d82815639671ae42132ac # frozen: v2.4.1
diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile
index 22fc917c..2f913392 100644
--- a/docker/ci/Dockerfile
+++ b/docker/ci/Dockerfile
@@ -43,26 +43,20 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Python tools
-ARG PYTHON_VERSION=3.13
-
-RUN add-apt-repository ppa:deadsnakes/ppa \
-    && apt-get update \
+RUN apt-get update \
     && apt-get install -y --no-install-recommends --no-install-suggests \
-        python${PYTHON_VERSION} \
-        python${PYTHON_VERSION}-venv \
+        python3 \
+        python3-pip \
     && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* \
-    && curl -sS https://bootstrap.pypa.io/get-pip.py | python${PYTHON_VERSION}
-
-# Create a virtual environment for python tools
-RUN python${PYTHON_VERSION} -m venv /opt/venv
-ENV PATH="/opt/venv/bin:$PATH"
+    && rm -rf /var/lib/apt/lists/*
 
 RUN pip install -q --no-cache-dir \
+        # TODO: Remove this once we switch to newer Ubuntu base image
+        # lxml 6.0.0 is not compatible with our image
+        'lxml<6.0.0' \
         cmake \
         conan==2.20.1 \
-        gcovr \
-        pre-commit
+        gcovr
 
 # Install LLVM tools
 ARG LLVM_TOOLS_VERSION=20
diff --git a/docker/pre-commit/Dockerfile b/docker/pre-commit/Dockerfile
new file mode 100644
index 00000000..5943058d
--- /dev/null
+++ b/docker/pre-commit/Dockerfile
@@ -0,0 +1,36 @@
+ARG GHCR_REPO=invalid
+FROM ${GHCR_REPO}/clio-tools:latest AS clio-tools
+
+# We're using Ubuntu 24.04 to have a more recent version of Python
+FROM ubuntu:24.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# hadolint ignore=DL3002
+USER root
+WORKDIR /root
+
+# Install common tools and dependencies
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        curl \
+        software-properties-common \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python tools
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        python3 \
+        python3-pip \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN pip install -q --no-cache-dir --break-system-packages \
+        pre-commit
+
+COPY --from=clio-tools \
+    /usr/local/bin/doxygen \
+    /usr/local/bin/