The host is installed with Cacti before 1.2.25 and is prone to a deserialization of untrusted data vulnerability. A flaw is present in the application, which fails to handle the graphs_new.php, specifically within the host_new_graphs_save function. Successful exploitation allows attackers to make the gadgets inaccessible and the insecure deserializations not exploitable.