"Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary number of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. The attack can be performed in practice, allowing an attacker to downgrade the connection's security by truncating the extension negotiation message (RFC8308) from the transcript. The truncation can lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5."
And the resolution is:
"The primary solution is updating OpenSSH to version 9.6p1 or later. If you cannot immediately update OpenSSH, modify your SSH configuration to disable vulnerable ciphers:
– For servers, edit /etc/ssh/sshd_config and set Ciphers aes256-ctr,aes192-ctr,aes128-ctr (excluding chacha20-poly1305@openssh.com and CBC mode ciphers).
– For clients, edit ~/.ssh/config or /etc/ssh/ssh_config similarly. After making changes, restart the SSH service using sudo systemctl restart sshd."
However, the /etc/ssh/ssh_config.d/99-vapp.conf file cannot be modified to update the ciphers because the required permissions are not available.
CA Identity Suite 14.5.1 CHF1
Permissions to modify the /etc/ssh/ssh_config.d/99-vapp.conf file and update the ciphers are not available.
A hotfix (HF) is available that grants the permissions required to modify the /etc/ssh/ssh_config.d/99-vapp.conf file and update the ciphers.
Raise a support ticket and request the HF.
File name: HF_VA-14.5.1-20250521115520-DE636337.tgz.gpg
For reference: Defect#DE636337
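Once the HF has granted write access to 99-vapp.conf, the cipher change quoted above still has to be verified on the host. The script below is an added example, not part of this article or of the CA Identity Suite appliance: it applies the Terrapin criteria (ChaCha20-Poly1305 offered, or a CBC cipher offered together with an Encrypt-then-MAC MAC, the same rule the Terrapin authors' scanner uses) to the "ciphers" and "macs" lines that `ssh -G <host>` (client) or `sshd -T` (server) print, and compares a constructed before/after configuration. The file paths follow the article; the sample algorithm lists are constructed, not captured from a real appliance.

```shell
#!/bin/sh
# Added example (not from the KB article or the CA Identity Suite appliance):
# audit an effective OpenSSH algorithm list for the Terrapin (CVE-2023-48795)
# exploitable combinations and show the hardened Ciphers value the article quotes.
# The paths follow the article; the sample "ciphers"/"macs" lines are constructed.

# Ciphers value from the quoted remediation: CTR only, no ChaCha20, no CBC.
HARDENED_CIPHERS="aes256-ctr,aes192-ctr,aes128-ctr"

# members_with_suffix LIST SUFFIX: print the comma-separated members of LIST
# that end in SUFFIX (empty output when none match).
members_with_suffix() {
    found=""
    oldifs=$IFS; IFS=','
    for algo in $1; do
        case "$algo" in
            *"$2") found="${found:+$found,}$algo" ;;
        esac
    done
    IFS=$oldifs
    printf '%s' "$found"
}

# terrapin_check: read the "ciphers ..." and "macs ..." lines printed by
# `ssh -G <host>` (client) or `sshd -T` (server) on stdin. Prints a verdict and
# returns 0 when clean, 1 when an exploitable combination is offered.
# ChaCha20-Poly1305 is exploitable on its own; CBC ciphers are exploitable when
# an Encrypt-then-MAC (*-etm@openssh.com) MAC is also offered. CTR and GCM are
# not affected, so the hardened Ciphers line above passes even with EtM MACs.
terrapin_check() {
    ciphers=""; macs=""; rc=0
    while IFS= read -r line; do
        case "$line" in
            ciphers\ *) ciphers=${line#ciphers } ;;
            macs\ *)    macs=${line#macs } ;;
        esac
    done
    case ",$ciphers," in
        *,chacha20-poly1305@openssh.com,*)
            echo "VULNERABLE: chacha20-poly1305@openssh.com is offered"; rc=1 ;;
    esac
    cbc=$(members_with_suffix "$ciphers" "-cbc")
    etm=$(members_with_suffix "$macs" "-etm@openssh.com")
    if [ -n "$cbc" ] && [ -n "$etm" ]; then
        echo "VULNERABLE: CBC cipher(s) $cbc offered together with EtM MAC(s) $etm"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no Terrapin-exploitable cipher/MAC combination"
    fi
    return "$rc"
}

# Constructed MAC list in the order OpenSSH 9.x offers by default.
DEFAULT_MACS="umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512"

# Constructed: OpenSSH 9.x defaults before the change (ChaCha20 offered first).
BEFORE="ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs $DEFAULT_MACS"

# Constructed: a host that re-enabled CBC ciphers; exploitable via CBC-EtM.
LEGACY="ciphers aes128-cbc,aes256-cbc,aes128-ctr
macs $DEFAULT_MACS"

# Constructed: after writing "Ciphers $HARDENED_CIPHERS" to
# /etc/ssh/ssh_config.d/99-vapp.conf (client) or /etc/ssh/sshd_config (server).
AFTER="ciphers $HARDENED_CIPHERS
macs $DEFAULT_MACS"

if [ "${1:-}" = "--live" ]; then
    # Audit this host's effective client configuration (includes ssh_config.d).
    ssh -G localhost | terrapin_check
else
    printf 'before: '; printf '%s\n' "$BEFORE" | terrapin_check || true
    printf 'legacy: '; printf '%s\n' "$LEGACY" | terrapin_check || true
    printf 'after:  '; printf '%s\n' "$AFTER"  | terrapin_check || true
fi
```

Because 99-vapp.conf lives under /etc/ssh/ssh_config.d, it configures the ssh client, so `ssh -G localhost | grep -i ciphers` is the check that shows whether the edit took effect; no service restart is needed for the client side, whereas the sshd_config change in the quoted text needs `sshd -T` after the restart. Removing the affected ciphers is a mitigation only; the fix is strict key exchange in OpenSSH 9.6 and later, which protects a connection only when both peers support it.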