FromSoftware has released updates for both Armored Core VI Fires of Rubicon and Elden Ring to address a security vulnerability tied to Unity, following an issue disclosed earlier in October. The updates were deployed on December 16, 2025, with details shared through official release notes on Steam for each title.
According to the release notes, the updates specifically target a security vulnerability announced by Unity Technologies on October 3, 2025. The affected components include certain pre-order bonuses and the artwork and soundtrack applications associated with both games. FromSoftware emphasized that the core game content itself is not impacted by the vulnerability or by the update, which may come as a relief to players concerned about gameplay integrity.
The release notes for Armored Core VI state, “To address the security vulnerability announced by Unity Technologies on October 3, 2025, an update to some pre-order bonuses, as well as the artwork & soundtrack application was distributed.” The message further clarifies, “The main game is not impacted by the security vulnerability and the update. Thank you for your understanding.” Identical language was used in the release note published for Elden Ring, indicating that the same underlying issue and solution applied to both titles.
Both games are developed by FromSoftware but represent very different experiences within the studio’s catalog. Elden Ring, released on February 25, 2022, is an action role-playing game set in a large open world known as the Lands Between. It is known for its challenging combat, expansive exploration, and deep lore. Armored Core VI Fires of Rubicon, released on August 25, 2023, marked the return of the long-running mech action series and focuses on fast-paced, highly customizable vehicular combat on the planet Rubicon 3.
The security issue addressed by these updates stems from a Unity vulnerability disclosed in October 2025 and tracked as CVE 2025 59489. The exploit affects Unity-based applications built with versions from 2017.1 onward across multiple platforms, including Windows, macOS, Android, and Linux. It involves a file loading logic flaw that could allow a local attacker to execute arbitrary code or access sensitive data through the injection of a malicious native library using crafted startup commands.
Unity released patched editor versions and tools to help developers update affected releases, and FromSoftware’s updates indicate that the studio has now applied those fixes to the relevant non-gameplay components of Elden Ring and Armored Core VI. While the vulnerability did not impact the main games, the updates close a potential security gap connected to bundled bonus content, which is an important distinction, but still an important fix.
