CD Projekt Red has warned players that installing Cyberpunk 2077 mods or custom save files on the PC could pose a security risk (via Kotaku). According to the company’s tweet, there’s apparently a “vulnerability in external DLL files the game uses which can be used to execute code on PCs.” The game’s official mod tools were just released last week.
The company warns users not to install files from unknown sources, though as Kotaku points out, that pretty much rules out all mods unless you can read and understand their code. When you’re dealing with a vulnerability that could potentially lead to arbitrary code running on your computer, it’s probably best not to risk it until a fix is available.
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.— CD PROJEKT RED CS (@CDPRED_Support) February 2, 2021
This isn’t the first problem CD Projekt Red has faced with the Cyberpunk mod system — the company also had to ask players to stop installing mods that allowed them to have sex with Keanu Reeves’s character.