Cyberpunk mods have been hit by a security breach as CD Projekt Red warns players to be careful what they install from third-party modders.

11:47, 03 Feb 2021

It's a case of life imitating art as Cyberpunk 2077 has been stuck by its own security breach that sounds like a storyline from the campaign of the sci-fi shooter. Since its release in December, CD Projekt Red's ambitious (and long-awaited) game has struggled with glitches, graphical complaints, and now, security issues. While news that CD Projekt Red would offer official mod support was a major win for the game's creative community, this is Cyberpunk 2077, so of course, there was going to be a problem.

As we've seen from CD Projekt Red highlights like The Witcher 3, modding can be big business. More than just letting Geralt of Rivia snowboard, putting Santa hats on the geese, and fusing Geralt and Vesemir to create their unofficial son called Geraltesemir, The Witcher 3 showed how mods can actually improve a game. It's much the same with Cyberpunk 2077, as NexusMods if filled with the weird and the wonderful alongside the downright useful.


Why shouldn't you use Cyberpunk 2077 mods?

Apparently, a problem with the game's external DLL files could allow someone to control Cyberpunk 2077 if you've installed a mod on PC or PlayStation 4. The issue was first highlighted by Red Tools mod PixelRickyRick and redditor Romulus_Is_Here. They explained, "Through the use of a mod or a crafted save game, malicious codes can be executed to take control of the PC by the creator of the save game/mod". Although it was originally thought to be confined to Cyberpunk 2077 on PC, it's now infiltrated PS4 too.

There are allegations that CD Projekt Red knew a week ago, but has only just made players aware. In a statement to Eurogamer, a spokesperson said, "A group of community members reached out to us to bring up an issue with the external DLL files the game uses.


"This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix". 


Is there a fix for Cyberpunk 2077 mods?

Explaining what's going on, Cyberpunk 2077 is making itself vulnerable when it reads a savefile. If it creates a buffer overflow, that can be used to redirect the running thread to an old DLL. In its simplest terms, it means mods can make non-executable files executable, meaning the game can allow "any locally executed virus". If you can't wait until CDPR's official fix, a temporary one has been created for the popular modding tool called Cyber Engine Tweaks.


Although there are no examples of the exploit being used through Nexus Mods, you're advised to steer clear until developers can iron out yet another kink. Nexus Mods has become our go-to resource for Cyberpunk mods. Even if some are just for fun, the most popular mods offer improvements to driving, a better minimap, and an in-game UI. Importantly, Cyberpunk 2077 mods allow fans to improve the game and take the workload off CD Projekt Red. Some of the mods would simply never register on the developer's radar. The mod issue isn't a complete disaster, but yet again, it's another smudge of CD Projekt Red's troubled report card.



Stay up to date with all the latest esports and gaming news by checking out our social channels here: Twitter | Facebook | Discord 

Images via CD Projekt Red

Esports Calendar