I think Akka is not impacted: Netty is only used by the classic TCP remoting, so if you switch to Artery I think you should be able to exclude the Netty dependency entirely.
Even if you do use classic remoting, those 3 CVE’s seem to be about HTTP features, while akka-remote only uses more low-level Netty features, so they wouldn’t impact Akka anyway.
I would suggest updating to Akka 2.6 anyway, though 