diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
index 47a53a4f9..fd5a9b288 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@@ -74,9 +74,19 @@ public class WatermarkController {
     public ResponseEntity addWatermark(@ModelAttribute AddWatermarkRequest request)
             throws IOException, Exception {
         MultipartFile pdfFile = request.getFileInput();
+        String pdfFileName = pdfFile.getOriginalFilename();
+        if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
+            throw new SecurityException("Invalid file path in pdfFile");
+        }
         String watermarkType = request.getWatermarkType();
         String watermarkText = request.getWatermarkText();
         MultipartFile watermarkImage = request.getWatermarkImage();
+        if (watermarkImage != null) {
+            String watermarkImageFileName = watermarkImage.getOriginalFilename();
+            if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
+                throw new SecurityException("Invalid file path in watermarkImage");
+            }
+        }
         String alphabet = request.getAlphabet();
         float fontSize = request.getFontSize();
         float rotation = request.getRotation();
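Review bot: The two added filename checks are a denylist that only looks for `..` anywhere in the string and a leading `/`, so a Windows-style separator (`\`) or a drive-prefixed name passes, while a legitimate name such as `report..final.pdf` is rejected because `contains("..")` is not a segment check; the same check is also duplicated verbatim for pdfFile and watermarkImage. Whether `getOriginalFilename()` is used to build a filesystem path at all is not visible in this hunk (addWatermark continues past the last line), so the check may be guarding nothing — if the name is only echoed back, dropping it to its base name would be a simpler mitigation than rejecting the upload. A single helper that rejects any separator or a bare `..` keeps the intent and the existing messages: `rejectUnsafeFileName(pdfFile.getOriginalFilename(), "pdfFile");` after the pdfFile line, and inside the null guard `rejectUnsafeFileName(watermarkImage.getOriginalFilename(), "watermarkImage");` in place of the nested block.
```java
    /**
     * Rejects a client-supplied file name that could be interpreted as a path:
     * any '/' or '\' separator, or a bare ".." segment. A null name is left to the caller.
     *
     * @param fileName the original multipart file name, may be null
     * @param field    request field name used in the error message
     * @throws SecurityException if the name contains a separator or is ".."
     */
    private static void rejectUnsafeFileName(String fileName, String field) {
        if (fileName == null) {
            return;
        }
        boolean hasSeparator = fileName.indexOf('/') >= 0 || fileName.indexOf('\\') >= 0;
        if (hasSeparator || "..".equals(fileName)) {
            throw new SecurityException("Invalid file path in " + field);
        }
    }
```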