The Central Board of Secondary Education (CBSE) has officially acknowledged security vulnerabilities in parts of its digital evaluation ecosystem after a 19-year-old ethical hacker raised concerns about alleged flaws in the board’s On-Screen Marking (OSM) platform. The development marks a significant shift in CBSE’s position, as the board had initially denied reports suggesting its evaluation infrastructure faced serious security risks. The controversy has now escalated into a broader debate around cybersecurity, student privacy, digital governance, and the reliability of India’s rapidly expanding online examination systems.
CBSE Says Vulnerabilities Have Been Identified
In a public statement, CBSE said it has been monitoring vulnerabilities reported in the OnMark portal operated by one of its service providers. The board acknowledged that certain weaknesses had been identified and stated that steps are being taken to strengthen the platform’s security.
CBSE also revealed that cybersecurity experts from various government agencies and Indian Institutes of Technology (IITs) have been deployed to help secure the system and shift it toward a more robust infrastructure. According to the board, several vulnerabilities have already been contained while additional security checks remain ongoing.
The board further thanked ethical hackers and citizens who helped identify weaknesses in the system.
Teen Hacker Triggered The Controversy
The issue came into the spotlight after ethical hacker Nisarga Adhikary alleged that he had discovered multiple vulnerabilities within CBSE’s digital evaluation ecosystem. According to his claims, the flaws could potentially allow unauthorized access to examiner accounts and evaluation-related functions.
Adhikary has maintained that he informed both CBSE and CERT-In months earlier regarding the vulnerabilities. He claimed that some flaws remained unaddressed despite repeated alerts.
Earlier reports suggested that vulnerabilities allegedly involved authentication systems, password-reset mechanisms, account access controls, and examiner dashboards. Adhikary had claimed that under certain conditions, attackers might theoretically gain access to evaluation functions or student-related data.
New Allegations Raise Privacy Concerns
The controversy intensified further after Adhikary alleged that scanned answer sheets and question papers were stored in a publicly accessible cloud storage bucket without proper authentication controls. According to his claims, files could potentially be viewed or downloaded by unauthorized users.
Screenshots shared online reportedly showed directories containing scanned answer booklets and examination-related files. Cyber activists have since raised concerns about possible exposure of sensitive student information and examination records.
The allegations have also attracted political attention, with opposition leaders questioning data privacy protections and the implementation process behind the OSM system.
CBSE Maintains Evaluation System Was Not Hacked
Despite acknowledging vulnerabilities, CBSE continues to maintain that the actual live evaluation platform used for board examination marking was not compromised. The board has repeatedly stated that some of the URLs highlighted online were testing environments containing sample data rather than the production system used for evaluating answer sheets.
However, the latest admission regarding vulnerabilities has fueled public scrutiny, especially because the OSM platform has already faced criticism over answer-sheet mix-ups, portal glitches, and scanning issues during its rollout.
Bigger Questions Around Digital Education Systems
The incident has reignited concerns about the cybersecurity readiness of large-scale digital education platforms. As examination boards increasingly move toward online evaluation, cloud-based systems, and digital record management, experts argue that infrastructure security must evolve at the same pace.
For millions of students, examination systems represent some of the most sensitive educational infrastructure in the country. Any vulnerability affecting answer sheets, evaluation processes, or personal data can significantly impact public trust.
Summary
CBSE has acknowledged vulnerabilities in parts of its digital evaluation ecosystem after ethical hacker Nisarga Adhikary flagged alleged security flaws and potential data exposure risks. While the board insists its live evaluation platform was not hacked, it has deployed cybersecurity experts from government agencies and IITs to strengthen the system. The controversy has intensified concerns around student privacy, cybersecurity, and the reliability of India’s growing digital examination infrastructure.
