Update: Moments ago a hotfix solving this issue has been released, making mods safe to use in Cyberpunk 2077.
CD Projekt Red just can't catch a break, can they? Not a week has passed since the developers released tools for Cyberpunk 2077, and already they have to caution users against downloading and installing mods due to a serious security risk that can allow the uploader of the files to execute malicious code remotely. Some mods have also proven to corrupt save files, though this is the smaller issue at hand.
Following the troubled launch of Cyberpunk 2077, CDPR has been in full damage control mode, releasing hotfixes and title updates focusing on hammering out the bugs and performance issues that cost the studio heaps of goodwill back in December. The free DLC program has been delayed, as have the paid expansions. The release of the modding tools was supposed to be a leap in the right direction, since lively modding communities are a surefire way to endear your game to more players while also cementing its longevity.
Alas, this move has seemingly backfired, at least until this blunder too can be fixed. Via its official social media channels, CD Projekt Red urged players to refrain from using mods, stating that a vulnerability in external DLL files can be used to remotely execute code. This could be used for all sorts of nefarious purposes, with mod authors loading their files with a broad array of malware that would essentially go undetected.
It was a real stroke of luck that this - as far as we know - became known before any real harm was done. Had the vulnerability been discovered at the expense of some players, this could have turned into a second wave of controversy for the embattled game that has already resulted in one class action lawsuit against CD Projekt. CD Projekt Red has committed to releasing a fix for this vulnerability soon, which will make mods safe to download and use.
