It's important that he's hacking a system developed by (presumably) his lecturer or professor, not by the university's IT department.
The professor hopefully has an interest in actual security research and some level of intellectual curiosity in general. The IT department is more likely to run on security by checklist and certification, and much more likely to throw the student under the bus of some Academic Misconduct Committee.
It's a locally run VM, so I doubt IT even knows what's in there and wouldn't notice what you're doing with it. How do you know if a student mounts the disk of a VM locally that they've already downloaded to their laptop?
The goal of the assignment is to exploit something anyway, just not necessarily this way. And she got her professor's consent to publish the article.
It seems the system was moved to the cloud in later years with ssh-only access. Exploiting something inside the VM should be fine and maybe a feature for some assignments - probably one reason it's a VM in the first place. It's not like anyone's hacking the university network.
Since there's mention of `@bham.ac.uk` - I forget if it was Birmingham or Brighton or someone else, but the way things work in GB is teachers submit "unreleased" grades after marking their exams, an exam board approves or fiddles with these grades, and then the grades for all students on a course are released together on "results day". A CS student got in trouble somewhere because they passed around the info that you could see unreleased grades in the "learning mangement system" by selecting "view source" and looking for the "display:none" entries in a table or something like that.
The professor did take this very well, as it happened - he asked me to come along to one of his office hours to discuss how I did it and what I might do to prevent it, among other things. The quote "if you can exploit it like this, you're not really the target audience and you've already achieved the aims of the module" from the article is basically something he said to me word-for-word in that chat - in the end, it almost seemed like he was hoping someone would go after the implementation itself!
(I wrote this article)