In brief: Adobe has patched a hole in ColdFusion to close critical vulnerabilities that allow attackers to bypass authentication and remotely hijack servers.

Four of the flaws (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632) are already exploited in the wild.
The patched holes include an authentication bypass, directory traversal, and a vulnerability that results in result in information disclosure from compromised servers.