diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index 4124b53cb785..93fed7a4b405 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -1092,6 +1092,10 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
     }
   }
 
+  // Update the filename with any changes as a result of security or renaming
+  // due to an existing file.
+  $file->setFilename(\Drupal::service('file_system')->basename($file->destination));
+
   // If we made it this far it's safe to record this file in the database.
   $file->save();
 
diff --git a/core/modules/file/src/Tests/FileFieldWidgetTest.php b/core/modules/file/src/Tests/FileFieldWidgetTest.php
index bef39f17ebd2..0c18eaf80bb1 100644
--- a/core/modules/file/src/Tests/FileFieldWidgetTest.php
+++ b/core/modules/file/src/Tests/FileFieldWidgetTest.php
@@ -259,7 +259,7 @@ class FileFieldWidgetTest extends FileFieldTestBase {
       '%field' => $field_name,
       '@max' => $cardinality,
       '@count' => count($upload_files_node_creation) + count($upload_files_node_revision),
-      '%list' => implode(', ', array_fill(0, 3, $test_file->getFilename())),
+      '%list' => implode(', ', ['text-0_2.txt', 'text-0_3.txt', 'text-0_4.txt']),
     ];
     $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
     $node_storage->resetCache([$nid]);
@@ -291,7 +291,7 @@ class FileFieldWidgetTest extends FileFieldTestBase {
       '%field' => $field_name,
       '@max' => $cardinality,
       '@count' => count($upload_files),
-      '%list' => $test_file->getFileName(),
+      '%list' => 'text-0_12.txt',
     ];
     $this->assertRaw(t('Field %field can only hold @max values but there were @count uploaded. The following files have been omitted as a result: %list.', $args));
   }
diff --git a/core/modules/file/tests/src/Functional/SaveUploadTest.php b/core/modules/file/tests/src/Functional/SaveUploadTest.php
index 0e3d6da48831..ea1ac109f1f6 100644
--- a/core/modules/file/tests/src/Functional/SaveUploadTest.php
+++ b/core/modules/file/tests/src/Functional/SaveUploadTest.php
@@ -207,6 +207,7 @@ class SaveUploadTest extends FileManagedTestBase {
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>';
     $this->assertRaw($message, 'Dangerous file was renamed.');
+    $this->assertSession()->pageTextContains('File name is php-2.php.txt.');
     $this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed.");
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
 
@@ -222,7 +223,7 @@ class SaveUploadTest extends FileManagedTestBase {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.');
-    $this->assertRaw(t('File name is @filename', ['@filename' => $this->phpfile->filename]), 'Dangerous file was not renamed when insecure uploads is TRUE.');
+    $this->assertSession()->pageTextContains('File name is php-2.php.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
 
     // Check that the correct hooks were called.
@@ -292,6 +293,7 @@ class SaveUploadTest extends FileManagedTestBase {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
+    $this->assertSession()->pageTextContains('File name is image-test_0.png.');
 
     // Check that the correct hooks were called.
     $this->assertFileHooksCalled(['validate', 'insert']);
@@ -308,6 +310,7 @@ class SaveUploadTest extends FileManagedTestBase {
     $this->drupalPostForm('file-test/upload', $edit, t('Submit'));
     $this->assertResponse(200, 'Received a 200 response for posted test file.');
     $this->assertRaw(t('You WIN!'), 'Found the success message.');
+    $this->assertSession()->pageTextContains('File name is image-test.png.');
 
     // Check that the correct hooks were called.
     $this->assertFileHooksCalled(['validate', 'load', 'update']);
diff --git a/core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php b/core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php
index a94be8ba17db..673319458fef 100644
--- a/core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php
+++ b/core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockPrivateFilesTest.php
@@ -139,7 +139,7 @@ class InlineBlockPrivateFilesTest extends InlineBlockTestBase {
     $assert_session->pageTextContains('You are not authorized to access this page');
 
     $this->drupalGet('node/2/layout');
-    $file4 = $this->createPrivateFile('drupal.txt');
+    $file4 = $this->createPrivateFile('drupal_4.txt');
     $this->addInlineFileBlockToLayout('The file', $file4);
     $this->assertSaveLayout();