CD Projekt Red has issued a stern warning over a security flaw that has been discovered in one of the game's DLL files, that could allow remote code execution on PC and PS4 consoles running the game in the right circumstances.
The issue was discovered by a modder on the Red Tools team, and Redditor Romulus_Is_Here, who discovered that malicious mods or edited save game files could potentially run malicious code that could take control of the host machine.
CD Projekt Red apparently knew of the issue as recently as a week ago, but have only just confirmed the existence of the flaw.
Speaking to Eurogamer, the studio said that "a group of community members reached out to us to bring up an issue with the external DLL files the game uses" and that the issue "can be potentially used as part of a remote code execution on PCs."
CD Projekt advises against using mods or edited save games until the issue is fixed, although if you don't want to wait, the Cyber Engine Teaks mod, that brings performance enhancements and fixes to the game, has already fixed the vulnerability.
It is worth noting the issue isn't caused by modding, or CD Projekt Red, themselves, but a flaw within a third party DLL that the game uses. There's no time-frame for an official fix just yet, but hopefully, it will be rolled out very soon.