Security Advisory

[Vulnerability Notice] - Security Advisory for ApsaraDB for MongoDB: CVE-2025-14847

Dec 22, 2025

As stated in MongoDB's CVE record for CVE-2025-14847, your ApsaraDB for MongoDB instance may be exposed to security risks if all of the following conditions are met:

  1. Zlib compression is enabled.
  2. Public network access is allowed.
  3. The IP whitelist of the instance is set to 0.0.0.0/0.

If any of your instances has the risky configuration described above, take the following action immediately to mitigate potential threats:

Recommended Action:

  • We suggest avoiding the Zlib compression algorithm and using an alternative compression method instead. To do so, change the value of the instance kernel parameter net.compression.compressors to snappy or zstd. Please note that changing this parameter requires a restart of the instance. For detailed instructions, please refer to the documentation on setting database parameters.
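The following check is an added example, not part of the original advisory or of any Alibaba Cloud tooling: it flags instances in an exported inventory that meet all three conditions above and proposes a net.compression.compressors value with zlib removed. The inventory field names (id, compressors, public_access, ip_whitelist) and the sample records are assumptions constructed for illustration.

```python
import ipaddress

def uses_zlib(compressors):
    """True if zlib is listed in a comma-separated net.compression.compressors value."""
    return "zlib" in [c.strip().lower() for c in compressors.split(",")]

def whitelist_is_open(entries):
    """True if any whitelist entry covers every IPv4 address (prefix length 0)."""
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # not an IP or CIDR entry; cannot match 0.0.0.0/0
        if net.version == 4 and net.prefixlen == 0:
            return True
    return False

def without_zlib(compressors):
    """Drop zlib, keep the remaining order; fall back to snappy if nothing is left."""
    kept = [c.strip() for c in compressors.split(",")
            if c.strip() and c.strip().lower() != "zlib"]
    return ",".join(kept) or "snappy"

def audit(instances):
    """Return instances meeting all three advisory conditions, with a proposed value."""
    findings = []
    for inst in instances:
        exposed = (uses_zlib(inst["compressors"])
                   and inst["public_access"]
                   and whitelist_is_open(inst["ip_whitelist"]))
        if exposed:
            findings.append({"id": inst["id"],
                             "set_compressors_to": without_zlib(inst["compressors"])})
    return findings

# Constructed sample inventory (hypothetical instance IDs and field names).
INVENTORY = [
    {"id": "dds-example-a", "compressors": "snappy,zstd,zlib", "public_access": True,
     "ip_whitelist": ["10.0.0.0/8", "0.0.0.0/0"]},
    {"id": "dds-example-b", "compressors": "zlib", "public_access": True,
     "ip_whitelist": ["0.0.0.0/0"]},
    {"id": "dds-example-c", "compressors": "snappy,zstd,zlib", "public_access": True,
     "ip_whitelist": ["203.0.113.0/24"]},
    {"id": "dds-example-d", "compressors": "zstd", "public_access": True,
     "ip_whitelist": ["0.0.0.0/0"]},
    {"id": "dds-example-e", "compressors": "snappy,zlib", "public_access": False,
     "ip_whitelist": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Instances c, d and e are not flagged because each fails one of the three conditions.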

To completely eliminate the risk, we are closely tracking MongoDB's official patches and will promptly send an upgrade notification via email as soon as the new version is released. Please pay attention to future notifications.

If you have any questions, please feel free to contact us by submitting a support ticket. Thank you for your prompt attention and cooperation!