Cyberpunk 2077 devs warn of security vulnerability with mods
External DLL files can be used to execute code on PCs
Cyberpunk 2077 continues to compel me to do the grimace emoji face on a weekly basis. Here's the latest reason to wince: developers CD Projekt Red say that there's a security vulnerability in external DLL files used by the game that means you should be careful while using mods and custom saves with the game.
They put out the warning in a tweet, asking that folks "refrain from using files from unknown sources" until they can fix the issue.
CDPR then shared more details in a statement sent to Eurogamer:
"A group of community members reached out to us to bring up an issue with the external DLL files the game uses. This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix."33
The discovery of the vulnerability is credited to PixelRick, a Cyberpunk modder and one of the creators of the Cyberpunk Save Editor. He explained in a Reddit comment that the vulnerability would allow hackers to take "asset archives and save files" - normally non-executable files - and have them execute code on your machine at the point at which Cyberpunk loads said files. This could theoretically happen without the player knowing, as the game could continue to load the expected mod or saved game as normal afterwards.
Hopefully I haven't butchered that explanation. In short: thing bad, and CD Projekt Red are working to fix it. I'll try not to die from secondhand embarrassment in the meantime.
You're probably best to just avoid mods entirely for now, but once fixed, there are already some great Cyberpunk 2077 mods available.