diff --git a/controller/value_resolver.rst b/controller/value_resolver.rst
index 6ceeee77084..7227578213b 100644
--- a/controller/value_resolver.rst
+++ b/controller/value_resolver.rst
@@ -148,6 +148,8 @@ Symfony ships with the following value resolvers in the In addition, some components, bridges and official bundles provide other value resolvers: +.. _controller-value-resolver-current-user: + :class:`Symfony\\Component\\Security\\Http\\Controller\\UserValueResolver` Injects the object that represents the current logged in user if type-hinted with ``UserInterface``. You can also type-hint your own ``User`` class but you
diff --git a/doctrine/events.rst b/doctrine/events.rst
index 8769c44211d..65f48d46047 100644
--- a/doctrine/events.rst
+++ b/doctrine/events.rst
@@ -164,7 +164,7 @@ listener in the Symfony application by creating a new service for it and .. configuration-block:: - .. code-block:: attribute + .. code-block:: php-attributes // src/App/EventListener/SearchIndexer.php namespace App\EventListener;
diff --git a/security.rst b/security.rst
index 48f1915b70a..14801d08eb9 100644
--- a/security.rst
+++ b/security.rst
@@ -1881,29 +1881,65 @@ Fetching the User Object ------------------------ After authentication, the ``User`` object of the current user can be -accessed via the ``getUser()`` shortcut in the -:ref:`base controller `:: +accessed via the :ref:`#[CurrentUser] ` attribute or ``getUser()`` shortcut in the +:ref:`base controller `: - use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; +.. configuration-block:: - class ProfileController extends AbstractController - { - public function index(): Response + .. code-block:: php-attributes + + // src/Controller/ProfileController.php + namespace App\Controller; + + use App\Entity\User; + use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; + use Symfony\Component\Security\Http\Attribute\CurrentUser; + + class ProfileController extends AbstractController { // usually you'll want to make sure the user is authenticated first, // see "Authorization" below - $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); + #[IsGranted('IS_AUTHENTICATED_FULLY')] + public function index( + // returns your User object, or null if the user is not authenticated + #[CurrentUser] ?User $user + ): Response { + // Call whatever methods you've added to your User class + // For example, if you added a getFirstName() method, you can use that. + return new Response('Well hi there '.$user->getFirstName()); + } + } - // returns your User object, or null if the user is not authenticated - // use inline documentation to tell your editor your exact User class - /** @var \App\Entity\User $user */ - $user = $this->getUser(); + .. code-block:: php + + // src/Controller/ProfileController.php + namespace App\Controller; - // Call whatever methods you've added to your User class - // For example, if you added a getFirstName() method, you can use that. 
- return new Response('Well hi there '.$user->getFirstName()); + use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; + + class ProfileController extends AbstractController + { + public function index(): Response + { + // usually you'll want to make sure the user is authenticated first, + // see "Authorization" below + $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); + + // returns your User object, or null if the user is not authenticated + // use inline documentation to tell your editor your exact User class + /** @var \App\Entity\User $user */ + $user = $this->getUser(); + + // Call whatever methods you've added to your User class + // For example, if you added a getFirstName() method, you can use that. + return new Response('Well hi there '.$user->getFirstName()); + } } - } + +.. note:: + + The ``#[CurrentUser]`` attribute can only be used in controller arguments to + retrieve the authenticated user. Fetching the User from a Service ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pFad - Phonifier reborn
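Review bot: The new php-attributes sample in security.rst puts `#[IsGranted('IS_AUTHENTICATED_FULLY')]` on `index()` but its `use` list only brings in `User`, `AbstractController` and `CurrentUser`, so inside `namespace App\Controller` the attribute name points at a class that does not exist. PHP resolves attribute classes only when they are instantiated, so a reader who copies the sample as written will most likely get no error and no access check, which leaves `?User $user` able to be null when `getFirstName()` is called. Add `use Symfony\Component\Security\Http\Attribute\IsGranted;` next to the `CurrentUser` import so the sample enforces the check it documents. Neither tab imports `Response`; that gap predates this change, but it is worth fixing while these listings are being rewritten.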
