A Redditor named Romulus_Is_Here brought the gaming community’s attention to the vulnerability in question on Sunday, and CD Projekt Red confirmed the risks in a Twitter post today.
So, what exactly is going on? According to the Redditor, “external DLL files” required by Cyberpunk 2077 can be maliciously used to execute code and take remote control of a PC through the installation of a save game or mod.
As we said, this has already been confirmed by CD Projekt Red, as you can see in the embedded tweet below. The studio advises users to “refrain from using files from unknown sources” until an official fix can be issued.
CDPR says that fix is coming “ASAP,” but has not provided us with a specific timeline yet. If you’re an avid Cyberpunk 2077 player and mod user, we’d recommend playing the game unmodded for a while. Alternatively, you can download the latest version of Cyber Engine Tweaks, a well-known mod that supposedly includes a fix for this vulnerability (among other helpful improvements).
The mod’s source files are viewable on GitHub, so you can confirm for yourself that it doesn’t include any malicious code.
Hopefully, CDPR will be able to fix this problem sooner rather than later. Cyberpunk 2077’s modding scene is only going to get bigger over the coming months, and the last thing users should have to worry about is getting their machine hacked because they downloaded a seemingly-harmless save game.