diff --git a/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp b/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp
index 739874c387..66b4e0f2b4 100644
--- a/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp
+++ b/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp
@@ -53,6 +53,36 @@
 #include "GameClient/DisconnectMenu.h"
 #include "GameClient/InGameUI.h"
+static Bool hasValidTransferFileExtension(const AsciiString& filePath)
+{
+ static const char* const validExtensions[] = {
+ "map",
+ "ini",
+ "str",
+ "wak",
+ "tga",
+ "txt"
+ };
+ const char* fileExt = strrchr(filePath.str(), '.');
+ if (fileExt == NULL || fileExt[1] == '\0')
+ {
+ return false;
+ }
+ fileExt++;
+ for (Int i = 0; i < ARRAY_SIZE(validExtensions); ++i)
+ {
+ if (stricmp(fileExt, validExtensions[i]) == 0)
+ {
+ return true;
+ }
+ }
+ return false;
+}
 /**
 * Le destructor.
@@ -665,6 +695,13 @@ void ConnectionManager::processFile(NetFileCommandMsg *msg)
 return;
 }
+ // TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
+ if (!hasValidTransferFileExtension(realFileName))
+ {
+ DEBUG_LOG(("File '%s' has invalid extension for transfer operations.", realFileName.str()));
+ return;
+ }
 if (TheFileSystem->doesFileExist(realFileName.str()))
 {
 DEBUG_LOG(("File exists already!"));
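Review bot: The whitelist in hasValidTransferFileExtension constrains only the text after the last '.' (the strrchr call), so a peer-supplied name such as `..\..\anything.ini` or `C:\x\y.map` passes it unchanged; unless processFile already rejects directory components before the point where this helper is called (its body starts above the second hunk, so that is not visible), the extension check alone does not keep the written file inside the intended transfer directory. A cheap complement next to the extension test would be `if (strstr(filePath.str(), "..") != NULL || strchr(filePath.str(), ':') != NULL) return false;`, tightened to also reject '/' and '\\' if transferred names are meant to be bare file names — which of those applies depends on how realFileName is built. Since `ini` and `str` are data the engine's own loaders parse, the reason they are on the list deserves a comment on validExtensions, e.g. `// Only asset types parsed by the engine's own loaders; never executables or archives`. Also `Int i` compared against ARRAY_SIZE(...) mixes signed and unsigned, which most compilers warn about; the project's unsigned index type or `size_t` avoids that.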
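Review bot: A rejected transfer is reported only through DEBUG_LOG, and if that macro follows the usual convention of being compiled out of release builds, a peer repeatedly pushing disallowed file types leaves no trace in the build players actually run; the doesFileExist branch right after it logs the same way, so this matches existing style, but an extension rejection is a security-relevant event and deserves an always-on record or a flag on the sending player if the network layer offers one. The new comment could also state what the check does not cover, e.g. `// Extension whitelist only; path components of realFileName are not validated here`, so a later reader does not assume the name is fully sanitized at this point. processFile starts above this hunk, so whether realFileName has already been restricted to a safe directory cannot be confirmed from the diff.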