Security Flaw Threatens Cyberpunk 2077 Mod Users
The mod reportedly enables an old DLL file to be used maliciously
News by Linden Garcia on Feb 02, 2021
A recently discovered vulnerability threatens mod users through exploiting a DLL file.
According to Red Tools mod member PixelRickyRick and Reddit user Romulus_Is_Here:
"through the use of a mod or a crafted save game, malicious codes can be executed to take control of the PC by the creator of the save game/mod."
CD Projekt Red warned users through a Tweet, which read:
"If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources."
It was originally thought that the problem only occurred on PC, but it was soon elucidated that PlayStation 4 versions of the game also had the vulnerability.

Speaking to Eurogamer, CDPR delved into the issue further:
"This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix."
Through a somewhat complex issue, the game creates what is, essentially, a non-executable file (the DLL) into an executable one, which could be used to carry out a virus attack.
The latest update for the Cyber Engine Tweaks mod also claims to have rectified the issue already.
Cyberpunk 2077 is available for PC, PS4, PS5, Xbox One, Xbox Series X, and Google Stadia.
Linden Garcia
Editor, NoobFeed
Subscriber, NoobFeed
Related News
No Data.
