Skip to main content

Cyberpunk 2077 gets patch to fix PC save file exploit

Code red.

After a security vulnerability involving crafted save files was spotted by modders, CD Projekt Red has now rolled out a PC hotfix for Cyberpunk 2077 - meaning that particular exploit should be solved.

Hotfix 1.12 promises a fix to a vulnerability that allowed crafted save files to take advantage of a buffer overflow, which redirected the running thread to an old DLL from 2010, at a fixed address which lacked modern protections. The vulnerability meant that save files, which are normally considered a bit safer to download, could essentially be turned into executables that could carry out "any locally executed virus" on a user's PC - without the user noticing. For a more extended explanation, you can find my original story here - or simply listen to us chatting about it on this week's Eurogamer Next-Gen News Cast:

Eurogamer Next-Gen News Cast - Will PlayStation Studios publish more games on Xbox?Watch on YouTube

According to CDPR's tweet, this "buffer overrun issue" has now been fixed, while it seems the troublesome DLL has been "removed/replaced."

The vulnerability was initially discovered by PixelRick, who found the exploit when reverse-engineering the game to develop a save editor.

"I'd still like to remind people that some mods do contain executables files (.exe, .dll, .asi) that by nature represent a risk... and this threat is a constant one, whereas the vulnerability of sav.dat files is going to be patched," PixelRick told me earlier this week. So, you heard PixelRick: always be careful when downloading your mods, but at least this save file exploit should be fixed thanks to the hotfix.

Read this next