This vulnerability involves an XXE flaw in the /designer/loadReport endpoint of SpringBlade v4.8.0. Authenticated attackers can exploit this by sending specially crafted XML payloads that trigger external entity processing, enabling arbitrary code execution on the affected system. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability. No patch or official fix has been documented in the provided data.

Successful exploitation can lead to arbitrary code execution with the privileges of the authenticated user, potentially compromising system confidentiality, integrity, and availability. This could allow attackers to execute malicious commands or gain further access within the affected environment. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the /designer/loadReport endpoint to trusted users only and monitor for suspicious activity related to XML processing. Avoid processing untrusted XML inputs where possible.