Framework vulnerabilities are similar to any other software vulnerabilities., they are often bugs in the code that allow hackers to gain access to your website.
Framework vulnerabilities are not malware, they are usually bugs in the software used to run your website, often the software providers have identified and released fixes for these vulnerabilities and they just need to be applied.
Malware can take advantage of these vulnerabilities to infect your website so the sooner your framework is patched the better.