Bengaluru-based cybersecurity researcher Nisarga Adhikary, who recently completed Class 12, hacked into two domains of the Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) portal, gaining full create, read, update, delete (CRUD) and shell access, according to medianama.com. He also accessed another subdomain, onmark.co.in, which is involved in exam evaluation for various universities.
Adhikary publicly exposed the security flaws on May 22 after the Indian cybersecurity agency CERT-In did not act on the vulnerabilities flagged over three months earlier. He demonstrated his access by playing the Bad Apple video on CBSE’s production site, showing super admin control of the portal. His findings were detailed in a blog post and shared on social media platform X.
This incident highlights significant cybersecurity weaknesses in CBSE’s critical exam evaluation infrastructure, raising concerns about data integrity and system security. The failure of CERT-In to address the issues promptly underscores challenges in safeguarding educational technology platforms. The breach could have implications for other government-run digital examination systems, emphasizing the need for stronger security protocols.
CBSE and related authorities have yet to announce remedial measures or timelines for fixing the vulnerabilities. Observers will be watching for official responses and steps taken to secure the OSM system and prevent future breaches, especially ahead of upcoming examination cycles. The incident may prompt broader reviews of cybersecurity practices in education sector IT systems.