> I am offering a window of 30 days from today the 28th of April 2025 for [the organization] to mitigate or resolve the vulnerability before I consider any public disclosure.

Well, you started friendly but then made illegal threats. So they responded friendly but then sent you lawyers.