Depends on where in the system it is. If it's part of a flow involving sensitive data, an open redirect can be used to harvest that data from users. This might be anything from login credentials to bank account info, depending on what flow is involved.