diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 13c91382dc..07fdf552be 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -833,6 +833,13 @@ VerifyBuffer (
     return EFI_UNSUPPORTED;
   }
   if (AttachedData != NULL) {
+    if (InData != NULL) {
+      //
+      // The embedded content is found in SignedData but InData is not NULL
+      //
+      Status = EFI_UNSUPPORTED;
+      goto _Exit;
+    }
     //
     // PKCS7-formatted signedData with attached content; Use the embedded
     // content for verification