They put out the warning in a tweet, asking that folks “refrain from using files from unknown sources” until they can fix the issue. CDPR then shared more details in a statement sent to Eurogamer: The discovery of the vulnerability is credited to PixelRick, a Cyberpunk modder and one of the creators of the Cyberpunk Save Editor. He explained in a Reddit comment that the vulnerability would allow hackers to take “asset archives and save files” - normally non-executable files - and have them execute code on your machine at the point at which Cyberpunk loads said files. This could theoretically happen without the player knowing, as the game could continue to load the expected mod or saved game as normal afterwards. Hopefully I haven’t butchered that explanation. In short: thing bad, and CD Projekt Red are working to fix it. I’ll try not to die from secondhand embarrassment in the meantime. You’re probably best to just avoid mods entirely for now, but once fixed, there are already some great Cyberpunk 2077 mods available.
