diff --git a/grobid-core/src/main/java/org/grobid/core/main/GrobidHomeFinder.java b/grobid-core/src/main/java/org/grobid/core/main/GrobidHomeFinder.java
index 3a3a0eb8d4..c0ef6e4ae0 100644
--- a/grobid-core/src/main/java/org/grobid/core/main/GrobidHomeFinder.java
+++ b/grobid-core/src/main/java/org/grobid/core/main/GrobidHomeFinder.java
@@ -173,7 +173,10 @@ private static List unzip(InputStream is, File destinationDir) throws IOEx
 ZipInputStream zipIn = new ZipInputStream(is);
 ZipEntry entry = zipIn.getNextEntry();
 while (entry != null) {
- File filePath = new File(destinationDir, entry.getName());
+ File filePath = new File(destinationDir, entry.getName()).toPath().normalize().toFile();
+ if (!filePath.toPath().startsWith(destinationDir.toPath())) {
+ throw new IOException("Bad zip entry: " + entry.getName());
+ }
 try {
 if (!entry.isDirectory()) {
 String absolutePath = filePath.getAbsolutePath();
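Review bot: The containment check normalizes only the entry side and compares it with `destinationDir.toPath()` as passed in, so a destination that is relative or still contains `.` or `..` segments (for example `.` or `tmp/../home`) can never be a prefix of the normalized target, and every entry would be rejected as a bad zip entry. Anchoring both sides on the same canonical root avoids that: `Path root = destinationDir.toPath().toAbsolutePath().normalize();` followed by `Path target = root.resolve(entry.getName()).normalize();` and `if (!target.startsWith(root))`. `normalize()` is purely lexical, so a symlink already present under the destination is not covered by this check; if the extraction directory can contain symlinks, comparing real paths of the parent directory would be the stricter test. The new `throw` sits before the `try {` that follows, and the rest of `unzip` lies outside the hunk, so it is worth confirming that `zipIn` is still closed on this early exit.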