Mods for games are nothing new and Cyberpunk 2077 mods have been pouring out pretty much since day one of the game’s launch. While there is always a risk of corrupted save files when modding any game, CD Projekt Red is warning players about potential security risks relating to a DLL file vulnerability.
For those that may not know, DLL is short for Dynamic Link Libraries and they are like EXEs but aren’t directly executable. DLL contains things like UIs, classes, variables, and other functions and is a part of virtually all operative systems. These files include important coding that most systems require at startup, and a failure to recognize this library can result in the failure for a system to boot up at all.
The studio behind the open-world RPG took to Twitter to offer up a warning, saying, “If you plan to use Cyberpunk 2077 mods/custom saves on PC, use caution. We’ve been made aware of a vulnerability in external DLL files the game uses, which can be used to execute code on PCs. [The] issue will be fixed ASAP. For now, please refrain from using files from unknown sources.”
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We’ve been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
— CD PROJEKT RED CS (@CDPRED_Support) February 2, 2021
How the studio “became aware” of the issue is a Reddit thread that has since gone viral, detailing the security issue regarding certain Cyberpunk 2077 mods. “Through the use of a mod or a crafted save game, malicious codes can be executed to take control of the PC by the creator of the save game/mod,” reads the initial post. “CDPR was made aware of this serious security vulnerability for almost one week. They went on to release the Hotfix 1.11, but didn’t bother to address this. You have PixelRick (Red Tools Team) to thank, whose discovery brought this to the attention of the modding community.”
The redditor then went on to clarify the original post, mentioning that they originally thought this was a PC-specific issue given that PC modding is the most accessible and readily available avenue, but then another user confirmed that the vulnerability also extends out to PS4 players.
The entire thread details alternatives for players to use when modding as well, including how to spot malicious code when using resources like Nexus Mods. To learn more about the vulnerabilities CDPR is warning about, you can check out the full post right here. You can also learn more about Cyber Engine Tweaks for safer modding practices as well, seen here, while waiting for the official fix from the studio to push through.