An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.
The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.