diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d2ae6dc787..a16099630f9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 - Updated Twig to 3.14. ([#15704](https://github.com/craftcms/cms/issues/15704))
+- Fixed an RCE vulnerability.
 ## 4.12.1 - 2024-09-06
diff --git a/src/helpers/FileHelper.php b/src/helpers/FileHelper.php
index 0c2da884a79..85cf38183f4 100644
--- a/src/helpers/FileHelper.php
+++ b/src/helpers/FileHelper.php
@@ -133,7 +133,7 @@ public static function absolutePath(
 $from = static::absolutePath($from, ds: $ds);
 }
- return $from . $ds . $to;
+ return static::normalizePath($from . $ds . $to, $ds);
 }
 /**
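Review bot: The new `return static::normalizePath($from . $ds . $to, $ds);` in `absolutePath()` makes the result canonical but does not confine it to `$from`. Assuming `normalizePath()` resolves `..` segments, a relative `$to` containing them now yields a clean-looking path outside the base directory. Callers that treat the return value as "inside `$from`" still need their own prefix check on the normalized result. The docblock should say so, for example `// Result is normalized (".." resolved) and may point outside $from; callers enforcing a base directory must verify the prefix themselves.`. No regression test is visible in this diff, so one that pins the normalized output for a `$to` with parent-directory segments would keep the fix from being reverted unnoticed. The function's signature and its earlier branches lie outside the hunk, so whether an already-absolute `$to` is normalized on its early-return path cannot be confirmed from here.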