
Bug Deep Dive #4

Satellite chains can't execute onlyGovernance functions - $5668


This issue is a bit complicated to explain standalone, so I will provide some of the required background. The first thing to go over is OpenZeppelin's GovernorTimelockControl.sol and how it interacts with the Timelock: the governor contract calls the timelock, which then adds the necessary delay.


In the Summer.fi contest, cross-chain Satellites (Governors on other chains) schedule and execute directly through the Timelock, and not through their Governor flow.


The problem with this approach is that when the Timelock executes any onlyGovernance function on the Satellite, it is executed directly by calling it from the Satellite::_queueCrossChainProposal() function, instead of using its inherited Governor::execute() function.

The relevance is that the onlyGovernance modifier on the Satellite requires the call to have been placed in a Queue (check the OZ contract).


But this only happens when execution is routed through the Governor::execute() function (which, again, calls the Timelock, see OZ), not directly to the Timelock.


As a result, it will not be possible to execute certain functions on the Satellite governor contract from a cross chain call.
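To make the two paths concrete, here is a stripped-down model of the mechanism. It is an added example, not code from OpenZeppelin or Summer.fi: `MiniTimelock`, `MiniSatellite`, `setParam`, `executeViaGovernor` and `executeDirect` are hypothetical names, and a plain array stands in for OZ's `_governanceCall` deque.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration only (assumed names, no delay or roles).
contract MiniTimelock {
    // Stand-in for the timelock's execute step: forwards the call to the target.
    function execute(address target, bytes calldata data) external {
        (bool ok, bytes memory ret) = target.call(data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) } // bubble up the revert reason
        }
    }
}

contract MiniSatellite {
    address public immutable timelock;  // plays the role of the Governor's executor
    bytes32[] private governanceCall;   // stand-in for the Governor's call queue
    uint256 public param;

    constructor(address timelock_) { timelock = timelock_; }

    modifier onlyGovernance() {
        require(msg.sender == timelock, "only executor");
        // The calldata hash must have been registered before the timelock called in.
        uint256 n = governanceCall.length;
        require(n > 0 && governanceCall[n - 1] == keccak256(msg.data), "operation not authorized");
        governanceCall.pop();
        _;
    }

    function setParam(uint256 v) external onlyGovernance { param = v; }

    // Governor-style path: register the call, then route it through the timelock.
    // setParam succeeds because the hash is waiting in the queue.
    function executeViaGovernor(bytes calldata data) external {
        governanceCall.push(keccak256(data));
        MiniTimelock(timelock).execute(address(this), data);
    }

    // Direct path, as in the finding: straight to the timelock, nothing registered.
    // setParam reverts with "operation not authorized".
    function executeDirect(bytes calldata data) external {
        MiniTimelock(timelock).execute(address(this), data);
    }
}
```

Calling both entry points with `abi.encodeCall(MiniSatellite.setParam, (1))` in a test shows the first succeeding and the second reverting, even though `msg.sender` is the timelock in both cases.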

Conclusion

This finding would earn you $5668. I wouldn't say it is difficult, but it needs some OZ context or at least running some tests. It results in medium severity since there is some functionality that won't work.

Full Report
