CDPR's Cyberpunk 2077 Mods Warning Just Scratches The Surface Of Deeper Game Code Issues
Yesterday, forum user yamamushi replied to the main warning thread, which disclosed a vulnerability in Cyberpunk 2077. He explained that since the announcement, modders were getting blamed for the vulnerability when that line of reasoning was entirely wrong. Specifically, "What CDPR posted [in the thread] is WRONG, it isn't caused by an external DLL, the vulnerability is caused by a buffer overflow in a function they use to load strings, this function is used more than 100 times in the game, it is used to load the save games, the archive assets and other parts that we haven't investigated." In short, a malicious person could use any Cyberpunk 2077 data file to start exploiting.

At the end of the day, it seems that not all mods and modders are to blame as initially interpreted. Moreover, CD Projekt Red could have done a better job disclosing the issue at hand rather than using a simple tweet. Hopefully, we will not have to worry about all of this soon once CDPR patches the buffer overflow issue and Microsoft fixes the DLL. It even appears that PixelRick has a Cyberpunk 2077 update branch named after him, so hopefully a patch is just over the horizon. Overall, still be wary of what you download, but well-regarded mods for Cyberpunk 2077 are not going to be a massive danger to players at this time.