We’re aware of a vulnerability with the Apache Struts 2 application framework, which is used to develop web applications, that could allow an attacker to upload malicious files and run remote code execution (RCE) on the target server.
Schools using products impacted by this vulnerability should apply the latest patches as soon as possible. You can find more information on this and the impacted products in the vendor alert here, and the National Cyber Security Centre Advisory here.