FiveM's Fall 2025 update cycle has delivered a substantial set of changes aimed at tightening security, improving client stability, and overhauling the platform's documentation. Whether you run a large roleplay community or a smaller niche server, these updates carry practical implications worth understanding. Here is a full breakdown of everything that shipped.
Security Improvements
Asset Escrow Now Covers Scripts
Asset Escrow, which previously only protected 3D models distributed through Tebex, has been extended to cover Lua, JavaScript, and C# scripts. This is a significant shift for the FiveM economy. Script developers who sell premium resources can now encrypt and lock their code to authorized buyers, making it considerably harder to pirate or redistribute paid scripts.
Cfx.re has also confirmed that ongoing monitoring is in place to detect and act on escrow circumvention attempts. Server owners purchasing escrowed resources should review the new Asset Escrow documentation for details on supported file types, workflows, and current limitations.
ox_lib Security Vulnerability Fix
A critical vulnerability was discovered in ox_lib versions prior to v3.32.1. The flaw allowed malicious actors to exploit the library to crash nearby players, effectively enabling targeted griefing with no server-side logs to trace. The fix was shipped in ox_lib v3.32.1, and all server owners using ox_lib should update immediately.
If your server runs ox_lib, update to v3.32.1 or later as soon as possible. Older versions leave your players vulnerable to client crashes triggered by bad actors.
Server Enforcement Wave
Cfx.re rolled out a new enforcement wave targeting ban evasion. The updated detection mechanisms make it harder for banned players to circumvent restrictions using hardware spoofing or alternate accounts. While specific implementation details remain undisclosed for obvious reasons, the community has reported a noticeable drop in repeat offenders since the wave began.
Stability and Performance
This release cycle brought several under-the-hood fixes that directly impact how reliably the game client runs, particularly on servers with high entity counts.
- Crash prevention checks and memory corruption safeguards have been added to the game client, reducing the frequency of unexplained client crashes.
- The loading screen busy spinner display bug has been resolved — players will no longer see a stuck spinner on certain hardware configurations.
- A persistent issue where player ped collisions failed to load properly has been fixed, eliminating cases where players could walk through objects after spawning.
- The ped deletion buffer has been extended from approximately 160 to approximately 270 entries, giving the client more headroom before forcefully removing peds in dense areas.
- RedM-specific fixes include expanded networked vehicle and object pool sizes, plus a fix for the tranquilizer death flag that previously caused erratic behavior after being tranquilized.
Collectively, these changes target the most commonly reported crash and desync scenarios. Server owners running heavily populated servers with 100+ players should see measurable improvements in client stability.
Featured Server Discovery Changes
The FiveM server browser homepage has received a meaningful update to how featured servers are displayed. Previously, the featured section was relatively static, favoring high-population servers that already had strong visibility. The new system introduces hourly rotation, cycling through eligible servers to give lower-population communities more exposure.
This is a welcome change for smaller server owners who have struggled to attract new players against established communities. Cfx.re has also published new documentation covering eligibility requirements, criteria for removal from the featured list, how to apply, and how to report servers that violate the guidelines.
If you run a server that meets the eligibility criteria, review the new featured server documentation and submit an application. The hourly rotation system means even newer servers can gain meaningful visibility.
Documentation Overhaul
One of the less flashy but most impactful parts of this release cycle is the comprehensive documentation refresh. Cfx.re has invested significant effort into making their docs more accessible to newcomers and more complete for experienced developers.
- A new "Getting Started" guide for first-time scripters, complete with demo videos walking through resource creation from scratch.
- A dedicated Asset Escrow guide covering supported file types, encryption workflows, Tebex integration steps, and current limitations.
- Server name color customization documentation, explaining how to use formatting codes in server names displayed in the browser.
- An updated Tebex store setup guide with video tutorials covering storefront configuration, resource linking, and escrow activation.
- Lua 5.3 deprecation notices — server owners still running resources that depend on Lua 5.3 behavior should begin migrating to Lua 5.4.
- NodeJS 22 opt-in is now documented. Server owners who want to use the latest Node runtime for their JavaScript resources can enable it through server configuration.
The documentation effort also benefited from 20+ community contributors across three repositories, with notable contributions to RedM stability fixes and native documentation enhancements.
What Server Owners Should Do
With the scope of changes in this release, here are the key action items for server owners and developers:
- Update ox_lib to v3.32.1 or later. The security vulnerability in older versions is actively exploitable and there is no reason to delay this update.
- Review Asset Escrow if you sell or use paid scripts. Understand how escrow affects your workflow, what file types are supported, and what limitations exist before adopting it.
- Read the new documentation. Even experienced developers will find useful information in the refreshed guides — particularly the Lua 5.3 deprecation notices and NodeJS 22 opt-in instructions.
- Check your server's featured eligibility. The new hourly rotation system creates real opportunities for smaller servers to gain players through the built-in browser.
Running your FiveM server on reliable hardware matters. GoodLeaf offers game server hosting with low-latency connections and DDoS protection — check out our game server plans for options that fit your community's needs.
Does the Asset Escrow extension mean all my scripts are automatically protected?+
No. Asset Escrow is opt-in and requires you to configure it through Tebex when distributing your resource. Only scripts explicitly set up with escrow encryption will be protected. Review the new Asset Escrow documentation for step-by-step instructions.
Is the ox_lib vulnerability still exploitable if I haven't updated?+
Yes. Versions of ox_lib prior to v3.32.1 remain vulnerable. The flaw allows malicious players to crash other nearby clients. Update immediately to protect your players.
Will the featured server rotation guarantee my server appears on the homepage?+
Not automatically. Your server must meet the eligibility criteria outlined in the new documentation, and you need to submit an application. Once accepted, the hourly rotation system will cycle your server into the featured section alongside other eligible servers.
