During a penetration testing engagement, you discover a vulnerability that allows for remote code execution with administrative privileges on a critical server housing sensitive customer data. What is the BEST initial action to take regarding this discovery?
Report the finding immediately to the client's primary or emergency contact.
Continue with the penetration test to identify additional vulnerabilities before reporting any findings.
Take steps to remediate the vulnerability before reporting it to maintain the integrity of the test.
Document the finding in the final report for regular submission timelines without direct communication.