CBSE Portal Security Under Fire

A fresh cybersecurity controversy has put the Central Board of Secondary Education (CBSE) under the spotlight after 19-year-old ethical hacker Nisarga Adhikary claimed to have gained significant access to the board’s On-Screen Marking (OSM) portal. The incident attracted widespread attention when Adhikary shared a video allegedly showing the popular “Bad Apple” animation running on what he described as a CBSE production server.

The viral demonstration was intended to highlight what Adhikary believes are serious security weaknesses within CBSE’s digital infrastructure. According to his claims, he obtained extensive permissions on the system, including the ability to create, read, update, and delete records, as well as shell-level access to production servers. Such access, if verified, could potentially expose critical educational data and administrative functions.

Adhikary further stated that he discovered the vulnerability within 30 minutes and responsibly reported it to CBSE on February 25. Rather than exploiting the flaw, he claims he alerted the board months before the issue became public, providing an opportunity for corrective action. His actions have been widely viewed as an example of ethical disclosure aimed at improving cybersecurity rather than causing harm.

The matter escalated after CBSE issued a public clarification stating that the access was limited to a testing environment containing sample data and that no real student records or sensitive information had been compromised. The board emphasized that there had been no breach of actual examination systems.

However, Adhikary challenged the explanation, asserting that the vulnerability remained active. He publicly demonstrated continued access after CBSE’s statement, prompting questions about the effectiveness of the board’s response. CBSE later revised its clarification, citing an inadvertent error related to a portal link.

The controversy soon attracted attention from the wider cybersecurity community. Independent researchers and ethical hackers examined the claims and highlighted concerns regarding access controls, system configuration, and vulnerability management practices.

Beyond the technical debate, the incident serves as a wake-up call for organizations managing sensitive public data. It underscores the importance of timely vulnerability remediation, transparent communication, and constructive engagement with ethical hackers. As educational institutions increasingly rely on digital platforms, robust cybersecurity measures have become essential for maintaining trust, safeguarding information, and ensuring the integrity of critical systems.