Serious vulnerabilities in files used with Cyberpunk 2077 could allow malware to run on your computer. CD Projekt Red has issued a sharp warning not to mod the game until they have released a fix that solves the problem.
The vulnerability in question exploits how Cyberpunk 2077 handles savings files and allows malware to be hidden and run from specially prepared mods. The problem originates in external DLL files that the game uses and is not fixed at the time of writing.
Reading tips: Better performance / more FPS in Cyberpunk 2077 with EZ Optimizer (video)
DLL stands for “Dynamic Link Library” and is a file type that contains instructions that other apps and games can call when they want to do different things. A DLL file can often be used by several different programs at the same time and expands the functionality in different ways.
Corrupt DLL file causes malware to run on your computer
In this case with Cyberpunk 2077, the malicious DLL file causes malware, which should not normally be able to run, to run in Windows and can thus be used to infect more files on the hard disk with malicious code.
The user PixelRick tells Eurogamer that data files for mods can normally be considered secure and that you generally only need to be skeptical of executable files.
This vulnerability makes it impossible to trust modded data files for this game before an update.
As mentioned above, CD Projekt Red is aware of the problem and has thanked the people concerned for flagging the problem to them.
Already today, the mod tool Cyber Engine Tweaks has been updated with a so-called hotfix that only solves this vulnerability, but the game developer still wants to warn against using files from unknown sources (or modes at all) until the problem is solved by them.
Reading tips: The first major update to Cyberpunk 2077 has been released – version 1.1
Cyberpunk 2077 has been heavily criticized for its many bugs and poor performance optimizations (especially on Xbox and Playstation). That a vulnerability creeps in is not surprising, but at the same time hardly desirable.
We hope for a quick hotfix that will resolve the issue shortly.