Cyberpunk 2077 players told to use caution with mods and custom saves after exploit discovered


Eurogamer.net

CDPR says it's working on a fix.

News by Emma Kent, Contributor. Updated on 2 Feb 2021.

Following the discovery of a save file exploit, CD Projekt Red has told players to "use caution" when downloading files of unknown origin for use in Cyberpunk 2077.

In a statement to Eurogamer, CDPR explained a little about the nature of the vulnerability:

"A group of community members reached out to us to bring up an issue with the external DLL files the game uses. This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix."

According to modding community member PixelRick, who is credited with discovering the issue, the save file vulnerability is "not hard to find as it is a matter of luck, but it [is] tricky to exploit," describing it as a "vulnerability of the game and not a vulnerability of human nature".

PixelRick provided an in-depth explanation, but here's an attempt at a simplified overview: when Cyberpunk 2077 reads a savefile it can create a buffer overflow. This buffer overflow can be used to redirect the running thread to an old DLL, at a fixed known address that doesn't have modern protection. In essence the vulnerability makes a non-executable file executable, which could carry out "any locally executed virus".
On top of that, "the crafted save file can be silent, after closing the popup I open, the real savefile data is loaded by the game without errors," PixelRick added.

"It is the trust system that is undermined since you should be able to trust data file mods to be harmless, and only be sceptical about executables in general," PixelRick said. "This vulnerability makes it impossible to really trust any modded data file for this game until [the] patch."

After finding the exploit, PixelRick reported the vulnerability to the admin of the Cyberpunk 2077 modding Discord, and the information was passed to CDPR. A temporary fix was created for Cyber Engine Tweaks, a popular modding tool for Cyberpunk 2077, to tide users over until CDPR could issue an official patch.

While so far it seems this exploit has not been spotted "in the wild" on sites like Nexus Mods, it's probably best to avoid downloading save files until that official fix is rolled out.
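The overview above turns on an old DLL loaded at a fixed, known address without modern protection. As an added example (not from the article, PixelRick or CDPR), this Python sketch audits PE images for the ASLR and DEP opt-in flags. It assumes "modern protection" refers to those two flags, and the sample headers and file names are constructed, not the game's real DLLs.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header
DYNAMIC_BASE = 0x0040  # opts in to ASLR: load address is randomized
NX_COMPAT = 0x0100     # opts in to DEP: data pages are non-executable

def pe_mitigations(data: bytes) -> dict:
    """Report the preferred image base and ASLR/DEP opt-in of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # skip 4-byte signature and 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or opt + 72 > len(data):
        raise ValueError("bad PE signature or truncated header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: 4-byte ImageBase at offset 28
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", data, opt + 70)  # DllCharacteristics
    return {"image_base": base,
            "aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT)}

def unprotected(images: dict) -> list:
    """Names of images missing ASLR or DEP, i.e. predictable jump targets."""
    weak = []
    for name, data in sorted(images.items()):
        m = pe_mitigations(data)
        if not (m["aslr"] and m["dep"]):
            weak.append(name)
    return weak

def make_sample(dll_chars: int, image_base: int = 0x10000000) -> bytes:
    """Constructed PE32 headers only (not loadable), used as demo input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x2102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed inputs: hypothetical file names, not the game's DLLs.
SAMPLES = {"legacy_plugin.dll": make_sample(0x0000),
           "modern_plugin.dll": make_sample(DYNAMIC_BASE | NX_COMPAT)}

if __name__ == "__main__":
    print("no ASLR/DEP opt-in:", unprotected(SAMPLES))
```

The flags record only what the image opts into; system-wide exploit-protection policy can still force relocation of an image that lacks `DYNAMIC_BASE`.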