diff --git a/modules/cms/classes/Asset.php b/modules/cms/classes/Asset.php
index c0920752f..1073f8ed8 100644
--- a/modules/cms/classes/Asset.php
+++ b/modules/cms/classes/Asset.php
@@ -285,7 +285,14 @@ class Asset extends Extendable
 $fileName = $this->fileName;
 }
- return $this->theme->getPath().'/'.$this->dirName.'/'.$fileName;
+ // Limit paths to those under the assets directory
+ $directory = $this->theme->getPath() . '/' . $this->dirName . '/';
+ $path = realpath($directory . $fileName);
+ if (!starts_with($path, $directory)) {
+ return false;
+ }
+
+ return $path;
 }
 /**
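Review bot: The prefix check compares a canonicalised `$path` against an un-canonicalised `$directory`, so if `$this->theme->getPath()` contains a symlink or a `..` segment the `starts_with` test fails for every legitimate asset — fail-closed, but a functional regression — and the `false` that `realpath()` returns for a non-existent file is never handled explicitly (`starts_with(false, ...)` happens to yield false today, but the intent should be spelled out rather than relied on). Canonicalise the base directory the same way and test both `realpath()` results before comparing, keeping the trailing `/` on the base so a sibling such as `assets2/` does not pass the prefix test. Note also that the hunk turns every not-yet-existing asset path into `false`; if callers use this method to compute the path of a new asset before writing it, that presumably needs handling upstream — worth confirming. The enclosing method's signature and the start of its body lie above the hunk.
```php
// Canonicalise the base directory too, so symlinked theme paths compare equal.
$directory = realpath($this->theme->getPath() . '/' . $this->dirName);
$path = $directory === false ? false : realpath($directory . '/' . $fileName);
if ($path === false || !starts_with($path, $directory . '/')) {
    return false;
}
// … unchanged: return $path …
```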