Cyberpunk 2077 is an amazing game, but one plagued with many flaws. A recently discovered massive issue with the game is the fact there’s a vulnerability in the game’s code that allows possible direct access to vulnerable parts of the system. According to CD Projekt RED’s recent announcement, this issue lies with external DLLs, putting the blame on modders. This was right after they banned the use of mods that allowed players to have sexual relations with Johnny Silverhand’s character.
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
— CD PROJEKT RED CS (@CDPRED_Support) February 2, 2021
This is in fact pure misinformation if we are to believe a recent announcement by modder Yamasushi. According to him, the issue lies within the game’s code itself. He made the mod Cyber Engine Tweaks, which already has fixed numerous issues with the game, including the security vulnerabilities. So this comes off more as CDPR being salty that modders are fixing the game for them, rather than having consumers’ best interests in mind. Cyber threats are always evolving. To stay on top of emerging trends an organization must be innovative and informed, this takes a lot of time and effort. To maintain those capabilities in-house requires a lot of resources. Utilizing a company that specializes in cyber essentials, is more effective as you have access to an entire team of experts that will allow your team to focus on other business related tasks.
It’s very disheartening to see that CD Projekt RED once again are going back on their promises. Instead of working with the community, they release mod tools only to tell us that we can’t mod the game. And instead of owning up to their mistakes as they promised, they shift the blame onto the community that is just trying to help improve the experience.
This isn’t the first time CDPR has showed a strong stance against modders. Just recently, it’s been found that various mods that remove the character’s underwear have just stopped working altogether. And a mod that allowed sexual relations with Johnny Silverhand was outright banned on the grounds it was insulting to Keanu Reeves.
While it is easy to question the ethics of removing censorship in the game, for a lot of people these mods aided the immersion. I don’t know about you, but during a sex scene, it’s not really that immersive to wear underwear. And if I want to bang Johnny Silverhand, I’m not sure if that’s insulting to Keanu Reeves.
It seems that CDPR are once again just proving as two-faced as they have been throughout the entire marketing and release of the game. Promising one thing, but then turning out to just be lying to our faces. Let’s also not forget that both Adam Badowski and Marcin Iwinski have released complete non-apologies. Neither takes any responsibility for the game’s state on consoles.
Hotfix 1.12 is now available on PC!
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
– Fixed a buffer overrun issue.
– Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf
— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
An Issue With Trust
CDPR just released a patch that fixes the issue. Of course, for people who use the Cyber Engine Tweaks mod, this patch is pointless. It might even break compatibility with some mods, though that remains to be seen.
What do you think of the situation? How do you feel about CD Projekt RED failing to act on their promises? Let us know in the comments!