Cyberpunk 2077 Keanu Reeves header

PSA: Some Cyberpunk 2077 game mods/custom saves might make your PC vulnerable to attacks

Cyberpunk 2077 is already out on the PC, and we also have some custom mods for this game as well. Such as the the Enhanced Controls Mod, a vehicle controls/handling mod and the third-person experimental mod. And then there is a trainer that you can use in order to skip the game’s grinding.

Now it appears that CD Projekt Red’s Customer Support team has just issued a warning on Twitter against using similar Cyberpunk 2077 game mods from unknown sources. According to them, some external DDL files used by this game can be used to execute vulnerable code on PCs, making the game an exploit tool.

The team has warned modders and players from using such files from “unknown sources”. They are currently working to patch the game and fix this issue asap.

Cyberpunk 2077 vulnerable attack tweet

By using mods or custom saves, some hackers could potentially use Cyberpunk 2077 as a means to literally hack the PC on which the MOD has been installed, because of the vulnerability in an external DLL file which this game uses.

Sadly, no other details on this vulnerability have been provided by the team yet. The game’s community members recently discovered a vulnerability showcasing how the game can actually connect to any system’s DLL files, which could then allow creators of mods/saves to take control of that particular PC at runtime.

One Redditor recently issued a warning on the r/cyberpunkgame subreddit explaining the discovery made by modder and Cyberpunk save editor creator PixelRick. Through the use of a mod or a crafted game save, malicious codes can be executed to take control of the PC by the creator of the save game/mod.

The error is in the external DLL files this game uses, and this issue can be potentially used as part of a remote code execution on PCs.

“We appreciate the input and are working on fixing this as soon as possible. In the meantime, we advise anyone to refrain from using files obtained from unknown sources.” – CDPR told Eurogamer.

In case you didn’t know, DLL files are already part of any operating system/OS and can be accessed by external apps/programs to run certain activities. In Cyberpunk 2077’s case, malicious mods might use your copy of Cyberpunk as a sort of “trojan horse” to sneak into your system, and thus gain full remote access to its files and contents.

Moreover, Cyberpunk save editor creator PixelRick has also confirmed that the PS4 too is prone to this vulnerability to some extent, though he didn’t mention the severity of this remote code execution.

This certainly is not good news for gamers especially since this game already suffers from other issues and bugs. For the time being, you should stay away from using or downloading any custom mod, at least from an unverified source. We expect CDPR to release a hotfix for this issue soon.

Stay tuned for more!