Cyberpunk Vulnerability and a Temporary Ban on Save Games


59 replies to this topic

#1
BigBizkit

    Community Manager

  • Admin
  • 6,338 posts
Update: CDPR have since released Hotfix 1.12, which addresses the exploit described in this news post, meaning our temporary ban on save games is lifted again.

TL;DR

Very recently, news broke that the community discovered a vulnerability with Cyberpunk 2077 that would allow for arbitrary (potentially malicious) code to be executed when a save game is loaded. This means that there is potential for someone to hide malicious code in a save game and have an unsuspecting user load it, thus executing said code.

CDPR have since been made aware of this vulnerability in their game, but until they have fixed it, we’re forced to impose a temporary ban on new save game uploads effective from now. 

It is strongly recommended to install Cyber Engine Tweaks by yamashi, which patches this vulnerability.


The exploit

In essence, the exploit allows a nefarious user to manipulate a save game file in such a way that it appears to load normally (so the unsuspecting user does not notice anything wrong), when in reality it will redirect to an external dll used by the game. This can then be used to execute malicious code on the victim’s PC. 

We’d like to express our gratitude to the Cyberpunk modding community and PixelRickyRick in particular for finding and reporting this serious exploit to CDPR.

(You can find a more technical and detailed explanation of how exactly the exploit works in this PSA on the Cyberpunk subreddit, which u/Romulus_Is has thankfully written up.)

At this moment, the exploit/vulnerability is confirmed and CDPR have acknowledged it and pledged to fix the issue as a matter of urgency.


What you can do to be safe

We strongly recommend using Cyber Engine Tweaks by yamashi, who has provided a patch fixing the vulnerability and preventing the exploit from working. A huge thank you goes out to yamashi for moving so quickly.

If you are not using Cyber Engine Tweaks yet, we advise you to install it, especially if you’re using mods and/or save games from other sources. Cyber Engine Tweaks installs seamlessly with our mod manager Vortex.

Apart from that, please be cautious and only download/install save games and 3rd party tools (generally speaking, tools that contain exe and/or dll files) from trusted sources until CDPR have addressed this issue. 


Temporary ban on save games

It is unfortunate that the game shipped with this vulnerability, but CDPR have since promised to address the issue as soon as possible. Until we can confirm the exploit has been fixed, we are forced to impose a temporary ban on save games effective from now. Any save game uploaded to the site after this announcement will be removed. 

We will be updating this post when CDPR have fixed the exploit, at which point we should be able to lift the temporary ban on save games.

We apologise for the inconvenience and thank you for your understanding.

#2
Duskill

    Faithful poster

  • Banned
  • 1,063 posts
I have to say.

This is so cyberpunk.

#3
MrDave

    Resident poster

  • Supporter
  • 3,693 posts
Interesting. I had such regrets at buying the BG3 early access release that I didn't even bother buying this game. One 70 dollar disappointment is enough for one year.

#4
MrDave

    Resident poster

  • Supporter
  • 3,693 posts
In response to post #90150868.


Haha it is, isn't it!

#5
NotWord2

    idspispopd

  • Supporter
  • 1,617 posts
In response to post #90150928.


Unlike Cyberpunk 2077, which was shipped on a disc and advertised as a finished product, Baldur's Gate 3 is still in the Early Access phase. The devs themselves stated that the high price is dedicated for the hardcore fanbase that is willing to embrace the game for what it is.

#6
MONSTERaider

    Faithful poster

  • Premium Member
  • 2,043 posts
In response to post #90150868. #90150943 is also a reply to the same post.


I was thinking the same way, even the bugs the game has, I think it is part of design all along.

#7
IServeTheMoon

    Regular

  • Members
  • 88 posts
In response to post #90150928. #90151413 is also a reply to the same post.


That's a bulls*** corpo talk for "we want to exploit the most loyal fans of this franchise by asking them to pay full price for a product that is nowhere near shipping ready" but hey, it's not my money.

#8
Redshiftja

    Timelost Dwemer

  • Members
  • 2,047 posts
This is insane.

#9
Bartinga

    Old hand

  • Members
  • 591 posts
Thanks for the heads up. Fortunately, I have been using Cyber Engine Tweaks since its release, and never downloaded any save game and never will, as I like to play my own game.

#10
ArsenicTouch

    CHAOS!

  • Premium Member
  • 974 posts
https://forums.cdpro.../#post-12855656

Straight from Yamashi. Bad CDPR, no cookie for you.

Edited by ArsenicTouch, 03 February 2021 - 01:02 PM.




