This query will report on the ESXi build number and will return the hostname of systems not running the fix versions listed here. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

to_array(SystemInfo)[?Build != 'Releasebuild-24585291' || Build != 'Releasebuild-24585300' || Build != 'Releasebuild-24585383'].['HostName:' HostName]