cfreal / exploits

Some of my exploits.


Documentation on how to reverse or fix the exploit

Andrerosario opened this issue

I am wondering about the mechanism to reverse this exploit: if I use this as a PoC against my own server, how do I revert the escalation without rolling back to a previous version? How would an incident response team work to remediate this if exploited?

Assuming it is just to change the permissions of python back to what they were before without the suid being 0. It would be good to add that to the documentation for Incident Response or Admin teams who may want to test and fix.

Yes, by default it'll suid python, but that's an arbitrary command. You can run any command as root. If someone managed to trigger the exploit, there's not much you can do about it.
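For the default payload discussed in this thread (python left setuid), a check an admin could run after testing on their own server. This is an added example, not part of the issue or of the repository; the function names and the `FIX` switch are made up for it. As the reply above says, the command is arbitrary, so a clean result here does not show the host is clean.

```shell
#!/bin/sh
# Added example (not from the exploit repository). Finds python binaries that
# carry the setuid bit and can clear it. It covers only the default payload
# described in the thread; it cannot show what else may have run as root.

# List regular files named python* with the setuid bit under the given dirs.
find_setuid_python() {
    find "$@" -xdev -type f -name 'python*' -perm -4000 2>/dev/null
}

# Print owner, mode and path as evidence, then remove the setuid bit.
clear_setuid() {
    for f in "$@"; do
        ls -ln "$f"
        chmod u-s "$f"
    done
}

# Report hits and return 1 if any were found. Only modifies files when the
# caller sets FIX=1 (a switch invented for this example).
audit_python_setuid() {
    hits=$(find_setuid_python "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    if [ "${FIX:-0}" = 1 ]; then
        printf '%s\n' "$hits" | while IFS= read -r f; do
            clear_setuid "$f"
        done
    fi
    return 1
}

# Usage: sh audit.sh /usr/bin /usr/local/bin   (add FIX=1 to clear the bit)
if [ "$#" -gt 0 ]; then
    audit_python_setuid "$@"
fi
```

Run it report-only first and record the output before setting `FIX=1`, so the original mode and ownership are kept for the incident record.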