This happens because Ultimate Member does some validation on /plugins/ultimate-member/includes/core/class-password.php using Password::form_init(); and after that validation, the page is redirected to the previous mentioned URL (that is the same from the email link but without the has and user_id, that was replaced with a cookie), so, the user clicks the link for something like this:
https://mysite.com/member-password-reset/?act=reset_password&hash=RcGpvp0FOwi8ldEjTuUv&user_id=149
but is redirected to something like this:
https://mysite.com/member-password-reset/?act=reset_password
As you can see, the original URL has a unique hash so, the cache won’t be an issue, but the redirected URL is always the same, and that’s where we have cache issues. And that’s why we need to exclude that URL.