After a security vulnerability involving crafted save files was spotted by modders, CD Projekt Red has now rolled out a PC hotfix for Cyberpunk 2077 – meaning you should now be safe to share and download save files to your heart’s content.

Hotfix 1.12 promises a fix to a vulnerability that allowed crafted save files to take advantage of a buffer overflow, which redirected the running thread to an old DLL from 2010, at a fixed address which lacked modern protections. The vulnerability meant that save files, which are normally considered pretty safe to download, could essentially be turned into executables that could carry out “any locally executed virus” on a user’s PC – without the user noticing. For a more extended explanation, you can find my original story here – or simply listen to us chatting about it on this week’s Eurogamer Next-Gen News Cast:

According to CDPR’s tweet, this “buffer overrun issue” has now been fixed, while it seems the troublesome DLL has been “removed / replaced.”

Hotfix 1.12 is now available on PC! This update addresses the vulnerability that could be used as part of remote code execution (including save files):

– Fixed a buffer overrun issue.

– Removed / replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf – Cyberpunk 2077 (@CyberpunkGame) February 5, 2021

The vulnerability was initially discovered by PixelRick, who found the exploit when reverse-engineering the game to develop a save editor.

“I’d still like to remind people that some mods do contain executables files (.exe, .dll, .asi) that by nature represent a risk … and this threat is a constant one, whereas the vulnerability of sav.dat files is going to be patched, “PixelRick told me earlier this week. So, you heard PixelRick: always be careful when downloading your mods, but you should at least be able to trust save files again thanks to this hotfix.