diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
index 94ac155d8..4555a863b 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
@@ -1166,6 +1166,14 @@ class ObjectController extends BrickController
 $aHeaders['Content-Type'] = $oDocument->GetMimeType();
 $aHeaders['Content-Disposition'] = (($sOperation === 'display') ? 'inline' : 'attachment').';filename="'.$oDocument->GetFileName().'"';
+ if (MetaModel::GetImageAttributeCode($sObjectClass) === $sObjectField) {
+ $sRequestedHash = $oRequest->get('s');
+ $sComputedHash = md5($oDocument->GetData());
+ if ($sRequestedHash !== $sComputedHash) {
+ throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+ }
+ }
+
 // N°4129 - Prevent XSS attacks & other script executions
 if (utils::GetConfig()->Get('security.disable_inline_documents_sandbox') === false) {
 $aHeaders['Content-Security-Policy'] = 'sandbox';
diff --git a/tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php b/tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php
index 1070db8e9..8f56c3eef 100644
--- a/tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php
+++ b/tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php
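Review bot: The hash comparison added in the `GetImageAttributeCode` branch uses `!==` on a value read straight from the request; for a token that gates access to the image content, the constant-time `hash_equals()` is the usual choice, and since `$oRequest->get('s')` may return null or a non-string, the guard should reject those explicitly before comparing, e.g. `if (!is_string($sRequestedHash) || !hash_equals($sComputedHash, $sRequestedHash)) {`. The check also sits between the `$aHeaders` assignments and the existing N°4129 sandbox block; placing it ahead of the header construction would make it read as the access guard it is. A short comment such as `// Image attribute content is only served when the caller supplies its md5 via the 's' parameter` would document why this field is treated differently from other documents. The enclosing method starts before and ends after the hunk.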
@@ -257,7 +257,7 @@ PHP
 $defaultValue = $oDateAttribute->GetDefaultValue();
 self::assertNull($defaultValue, 'Invalid default value for DateTime attribute should give null default value');
- self::AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
+ $this->AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
 }
 public function testDateEmptyDefaultReturnsNullAsDefaultValue()
@@ -274,7 +274,7 @@ PHP
 $oDateAttribute = $this->GivenAttribute(\WorkOrder::class, 'start_date', AttributeDate::class, 'zabugomeuh', false);
 $defaultValue = $oDateAttribute->GetDefaultValue()
- self::AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
+ $this->AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
 self::assertNull($defaultValue, 'Invalid default value for Date attribute should give null default value');
 }
@@ -286,7 +286,7 @@ PHP
 $defaultValue = $oDateAttribute->GetDefaultValue();
- self::AssertLastErrorLogEntryContains("Invalid default value '\"27/01/2025\"' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
+ $this->AssertLastErrorLogEntryContains("Invalid default value '\"27/01/2025\"' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
 self::assertNull($defaultValue, 'Invalid default value for Date attribute should give null default value');
 }
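Review bot: In the second hunk, the context line `$defaultValue = $oDateAttribute->GetDefaultValue()` immediately before the new `$this->AssertLastErrorLogEntryContains(...)` call has no terminating semicolon as rendered here; if that is what the file contains rather than an artefact of this rendering, the test class will not parse and none of the three corrected calls will execute. Worth confirming against the file and adding the `;` in the same commit if so. The same static-to-instance correction is applied in the first and third hunks and needs no further change. Each enclosing test method starts outside its hunk.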