The researchers responsible for 5 of the 6 rsync CVEs first publicly disclosed in January 2025 have now published their writeup in @Phrack Magazine, including attack scenarios and exploitation techniques https://www.openwall.com/lists/oss-security/2025/08/19/1
See Tweet