An attacker with access to the debug interface can exploit this vulnerability and extract large amount of data from the flash memory. If you rely on this security feature, we highly recommend you to take appropriate action. The only way to avoid exploitation and thus keep the entire flash memory content confidential is to physically prevent an attacker from gaining access to the debug interface.
This announcement is part of a coordinated vulnerability disclosure process. An extensive article with technical details about the vulnerability will be published here on the 15 March 2020.