I mean, I guess you could technically get hit by another user on the same machine, but ZLIB compression is still like 99% of the exploit, which I'm surprised other outlets didn't report it as such.
Security firms estimate that over 87,000 MongoDB instances exposed to the internet are potentially vulnerable to the "MongoBleed" flaw (CVE-2025-14847). Other scanning services report figures as high as 100,000 to over 213,000 internet-exposed instances, many of which are likely unpatched.
I guess there is legit uses for having a database on a separate machine, but even then I would tunnel/vpn/encrypt the shit out of the traffic between them, so... /shrug.
RE: MongoBleed (CVE-2025-14847): A breakdown for Hive Engine Operators