Cyberpunk Vulnerability Gives Modders Full Access to Your PC

Cyberpunk Header Image
(Image credit: CD Projekt Red)

CD Projekt Red is warning players to “use caution” when installing Cyberpunk 2077 mods or custom saves after members of the game's community discovered a vulnerability in how the game connects to your system’s DLL files that could allow creators of mods/crafted saves to take control of your PC at runtime. 

Two days ago, Redditor u/Romulus_Is_Here posted a warning to the r/cyberpunkgame subreddit detailing discoveries made by modder and Cyberpunk save editor creator PixelRick. According to the post, “Through the use of a mod or a crafted game save, malicious codes [sic] can be executed to take control of the PC by the creator of the save game/mod.”

The post doesn’t go into too much depth on how the vulnerability works, but has since been updated with an official tweet from CD Projekt Red confirming the weakness' existence and shedding more light onto how it works.

The tweet states that the error is in the external DLL files the game uses and says the “Issue will be fixed ASAP.” DLL files are already part of your operating system and can be accessed by external programs to run certain activities, so it seems like the issue here is that malicious mods might use your copy of Cyberpunk as a sort of trojan horse to sneak into your system and gain remote access to its files and activities.

“This issue can be potentially used as part of a remote code execution on PCs,” CDPR told Eurogamer. “We appreciate the input and are working on fixing this as soon as possible. In the meantime, we advise anyone to refrain from using files obtained from unknown sources.”

U/Romulus_Is_Here also warns that PixelRick “has confirmed that the PS4 too is susceptible to this vulnerability to an extent.”

The safest solution here is to not use mods from unverified sources, but until CDPR institutes an official patch, fans have come up with an alternate option. Cyber Engine Tweaks is a well-known fan plug-in from modder Yamashi that aims to fix the game’s notoriously inconsistent performance. In the plug-in’s most recent update, version 1.9.6, Yamashi claims to have fixed the vulnerability, which they reiterate can give “full access to your computer to whoever forged a malicious file.”

Night City is a dangerous place. Stay safe out there, Samurai. 

Michelle Ehrhardt

Michelle Ehrhardt is an editor at Tom's Hardware. She's been following tech since her family got a Gateway running Windows 95, and is now on her third custom-built system. Her work has been published in publications like Paste, The Atlantic, and Kill Screen, just to name a few. She also holds a master's degree in game design from NYU.

  • Phaaze88
    /LE SIGH
  • hotaru.hino
    It doesn't look like a goof on CDPR's part, just whoever made the DLL.
  • mac_angel
    hotaru.hino said:
    It doesn't look like a goof on CDPR's part, just whoever made the DLL.
    It's probably part of M$ .DLL, but I don't know, and the article doesn't give details. To me it sounds more along the lines of "be careful of what you download". For the most part, a system is only as secure as it's user. Going to sketchy web sites, downloading sketchy files or programs you find randomly, using crappy or no passwords, etc. I very rarely use mods that are not found on and even ponied up for a lifetime subscription since I use it regularly, they have a LOT of games they cover now, and I believe they do really great work. Especially with their program Vortex that most times install the mods for you, automatically update, and find conflicts with other mods. Other than that one, I check out WideScreenGamingForum since I'm an old man and still get a kick out of using 3 displays (and SLI, lol).
    I haven't bought CyberPunk 2077 yet. I very rarely buy games when they are first released because every game will always have bugs that need to be worked out. I don't think it's so much the fault of the developers (though they do have some responsibility), but just the endless amount of combinations in different systems. It would be virtually impossible for them to test on every combination of CPU, GPU, OS, Drivers, resolution, etc. and play through the game in each of these systems to see about finding bugs. Especially something that 'may' happen after 50 hours into the game, when you look at a specific thing, or try to do a certain thing in a specific way, in a certain order, etc, etc.
  • SethNW
    hotaru.hino said:
    It doesn't look like a goof on CDPR's part, just whoever made the DLL.

    Reading original Reddit post and based on Nexus site temporary ban on save files, which give it further validity, this exploit originated from CP save bug, which allows delivery of malicious payload through buffer overflow. That can be used to manipulate 3rd party DLLs CP uses. Without that save buffer overflow exploit this vulnerability would be useless. So CDPR is not really off the hook here. Unless it gets proven otherwise.