If an adversary hacks your Tails system to get initial access, such as through phishing, they need to achieve privilege escalation in order to bypass Tor. The most recent Tails audit found several privilege escalation bugs.
If an adversary hacks your Qubes-Whonix system to get initial access, they need to achieve lateral movement to the Whonix Gateway, and then achieve privilege escalation from there in order to bypass Tor.
Is this accurate? That if an adversary got a shell on a whonix-workstation, they would need to first move laterally to Whonix Gateway, and then successfully escalate privileges to root in order to be able to bypass Tor?
And is it accurate that the only other distinct attack path would be a VM escape to dom0, then bypassing Tor from there?